489 Commits

Author SHA1 Message Date
6730ec8374 Add nginx ingress annotation to increase proxy body size limit 2026-03-12 19:14:11 +01:00
1e5c0be846 Categorize and add missing entries to app list 2026-03-12 18:48:28 +01:00
2d1001f0f2 Remake Ansible playbook to target MikroTik router
Basically, I exported the configuration from the MikroTik router using /export and vibe-coded the playbook from that file.
2026-03-12 18:03:17 +01:00
6cf71312f6 Merge pull request 'chore(deps): update helm release cert-manager to v1.20.0' (#152) from renovate/cert-manager-1.x into fresh-start
Reviewed-on: #152
2026-03-12 16:56:05 +00:00
d581e5462d Merge pull request 'chore(deps): update renovate/renovate docker tag to v43.64.6' (#153) from renovate/renovate-renovate-43.x into fresh-start
Reviewed-on: #153
2026-03-12 16:55:09 +00:00
48da9d8081 Merge pull request 'chore(deps): update helm release openbao to v0.25.7' (#156) from renovate/openbao-0.x into fresh-start 2026-03-12 16:47:00 +00:00
0c619a4005 chore(deps): update renovate/renovate docker tag to v43.64.6 2026-03-12 16:47:00 +00:00
a45dcee95d chore(deps): update helm release openbao to v0.25.7 2026-03-12 16:46:57 +00:00
3e39b9d7a3 Merge pull request 'chore(deps): update registry.k8s.io/coredns/coredns docker tag to v1.14.2' (#155) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start 2026-03-12 00:00:44 +00:00
7b5f097b2d Merge pull request 'chore(deps): update helm release cert-manager-webhook-ovh to v0.9.4' (#154) from renovate/cert-manager-webhook-ovh-0.x into fresh-start 2026-03-12 00:00:41 +00:00
91b7a69e31 chore(deps): update registry.k8s.io/coredns/coredns docker tag to v1.14.2 2026-03-12 00:00:40 +00:00
42dfa2850d chore(deps): update helm release cert-manager-webhook-ovh to v0.9.4 2026-03-12 00:00:37 +00:00
9cfb599c7d add 27b q3 variant of qwen3.5 2026-03-11 02:15:24 +01:00
8bcc3dd49c chore(deps): update helm release cert-manager to v1.20.0 2026-03-11 00:15:05 +00:00
311f0362a8 lower kv cache quant to q4_0 and increase ctx to 64k 2026-03-10 14:02:17 +01:00
46c752773f remove ttl of all models in llama-swap 2026-03-10 13:48:10 +01:00
5462718dfb Merge pull request 'chore(deps): update helm release cert-manager-webhook-ovh to v0.9.3' (#149) from renovate/cert-manager-webhook-ovh-0.x into fresh-start
Reviewed-on: #149
2026-03-10 12:17:35 +00:00
c1b1fb7315 Merge pull request 'chore(deps): update renovate/renovate docker tag to v43.60.6' (#150) from renovate/renovate-renovate-43.x into fresh-start
Reviewed-on: #150
2026-03-10 12:16:28 +00:00
95012b1fc1 chore(deps): update renovate/renovate docker tag to v43.60.6 2026-03-10 12:14:14 +00:00
ec054e476d chore(deps): update helm release cert-manager-webhook-ovh to v0.9.3 2026-03-10 12:14:11 +00:00
50d20b7aa2 Merge pull request 'chore(deps): update ghcr.io/mostlygeek/llama-swap docker tag to v197-vulkan-b8248' (#151) from renovate/ghcr.io-mostlygeek-llama-swap-197.x into fresh-start 2026-03-10 12:14:11 +00:00
77d1a4bb34 chore(deps): update ghcr.io/mostlygeek/llama-swap docker tag to v197-vulkan-b8248 2026-03-10 12:14:09 +00:00
eb33cad5c6 refactor: add move llama-swap package config to renovate.json 2026-03-10 13:13:38 +01:00
295d4fcde6 configure renovate to automatically merge patch updates 2026-03-10 13:07:37 +01:00
6b012e01a8 update renovate comment for llama-swap image tag management 2026-03-10 12:55:03 +01:00
77097bf81d Merge pull request 'Update renovate/renovate Docker tag to v43.60.4' (#145) from renovate/renovate-renovate-43.x into fresh-start
Reviewed-on: #145
2026-03-10 11:54:05 +00:00
78fbe875c9 Merge pull request 'Update Helm release ingress-nginx to v4.15.0' (#148) from renovate/ingress-nginx-4.x into fresh-start
Reviewed-on: #148
2026-03-10 11:53:58 +00:00
82029fa745 Merge pull request 'Update caddy Docker tag to v2.11.2' (#147) from renovate/caddy-2.x into fresh-start
Reviewed-on: #147
2026-03-10 11:53:51 +00:00
d6204b49c8 Merge pull request 'Update Helm release open-webui to v12.10.0' (#146) from renovate/open-webui-12.x into fresh-start
Reviewed-on: #146
2026-03-10 11:53:42 +00:00
f394b06006 Update renovate/renovate Docker tag to v43.60.4 2026-03-10 00:00:44 +00:00
be8e6d8990 Update Helm release open-webui to v12.10.0 2026-03-10 00:00:42 +00:00
5dc9432cfa Update Helm release ingress-nginx to v4.15.0 2026-03-10 00:00:40 +00:00
2df8303905 add qwen3.5 4b heretic 2026-03-08 21:39:53 +01:00
65c11ab4ca add glm-5 from openrouter to llama-swap 2026-03-08 17:58:01 +01:00
55da75f06e clean up llama-swap config 2026-03-08 17:25:44 +01:00
ac0165cf01 adjust parameters of qwen3-coder-next 2026-03-07 22:52:49 +01:00
15989f4891 automatically fit context on qwen3.5 2b and 4b 2026-03-07 21:01:32 +01:00
1b11201ad0 Update caddy Docker tag to v2.11.2 2026-03-07 00:00:27 +00:00
a3ebc531fe Add Q3_K_M variand of Qwen3.5-9B 2026-03-06 23:21:58 +01:00
63f154293d fiix thinking versions of Qwen3.5 small 2026-03-06 23:17:48 +01:00
42aa0a7263 set strategy to recreate on llama-swap deployment 2026-03-06 23:08:03 +01:00
a9b8b45328 add 2B, 4B, 9B versions of Qwen3.5 in thinking + nonthinking variants 2026-03-06 23:07:02 +01:00
3dc481bc8b increase target margin of 2048MB of VRAM 2026-03-06 02:41:34 +01:00
711c437c0a add Qwen3.5 Small 0.8B model and replace Qwen3-VL-2B as task model 2026-03-05 23:17:30 +01:00
975f1db8f5 shorten context for qwen3-vl-2b and lower kv cache quant 2026-03-05 22:42:54 +01:00
ab9ddd0f3b add path to mmproj in qwen3.5 heretic 2026-03-05 19:31:03 +01:00
3e59786c83 manually update llama-swap image tag 2026-03-05 19:27:45 +01:00
d2a55e9c81 Add more README 2026-03-02 19:27:12 +01:00
2d743e0de0 Merge pull request 'Update Helm release immich to v1.1.1' (#139) from renovate/immich-1.x into fresh-start
Reviewed-on: #139
2026-03-02 17:26:36 +00:00
0a1c0a65e1 Merge pull request 'Update renovate/renovate Docker tag to v43.46.6' (#140) from renovate/renovate-renovate-43.x into fresh-start
Reviewed-on: #140
2026-03-02 17:26:29 +00:00
96a09ae6f9 Merge pull request 'Update caddy Docker tag to v2.11.1' (#141) from renovate/caddy-2.x into fresh-start
Reviewed-on: #141
2026-03-02 17:26:21 +00:00
62dc41f74f Merge pull request 'Update Helm release cert-manager to v1.19.4' (#142) from renovate/cert-manager-1.x into fresh-start
Reviewed-on: #142
2026-03-02 17:26:15 +00:00
da76710add Merge pull request 'Update Helm release cert-manager-webhook-ovh to v0.9.2' (#143) from renovate/cert-manager-webhook-ovh-0.x into fresh-start
Reviewed-on: #143
2026-03-02 17:26:09 +00:00
75b9a019de Merge pull request 'Update Helm release openbao to v0.25.6' (#144) from renovate/openbao-0.x into fresh-start
Reviewed-on: #144
2026-03-02 17:26:02 +00:00
d466387d02 revamp readme 2026-03-02 18:05:01 +01:00
5c4535beb6 Add mmproj-url for Qwen3.5-35B-A3B-heretic model 2026-03-02 03:19:16 +01:00
cd513489a2 Update renovate/renovate Docker tag to v43.46.6 2026-03-02 00:00:28 +00:00
44aa0c8136 add gemma-3-270m-it-qat model 2026-02-28 23:20:13 +01:00
902004f2e7 Add Qwen3.5-35B-A3B-heretic models 2026-02-28 18:33:42 +01:00
bf1f1c0b41 Add always loaded Qwen3-VL-2B-Instruct 2026-02-28 17:48:20 +01:00
5915b8dd30 Add Qwen3.5-35-A3B model 2026-02-28 15:49:59 +01:00
1adabe92a3 update CoreDNS logging configuration to include all log classes 2026-02-26 02:44:40 +01:00
08473fdeae custom config of coredns to deny ipv6 huggingface 2026-02-26 02:32:26 +01:00
c14257842a automatically fit models by llama.cpp 2026-02-26 01:38:39 +01:00
d053342234 fix models mount 2026-02-26 01:25:21 +01:00
2dbd964c28 add schema reference to config.yaml 2026-02-26 00:43:16 +01:00
7712aac0f5 configure llama-swap to log llama.cpp output 2026-02-26 00:39:58 +01:00
c7bc79f574 add Qwen3-Coder-Next model 2026-02-26 00:10:53 +01:00
6cba277b9d update llama-swap image 2026-02-25 19:07:10 +01:00
1ca79d5262 disable built in open-webui ingress 2026-02-25 18:20:27 +01:00
95ca2aa54f increase openwebui storage to 10Gi 2026-02-25 17:41:23 +01:00
bfb089aeff migrate llama models to ssd 2026-02-25 16:03:12 +01:00
ed83a66a83 add ssd volume for llama models 2026-02-25 15:43:42 +01:00
0d6c67fc27 add lvmpv ssd storage class 2026-02-25 15:23:55 +01:00
fa7b35326c add openwebui 2026-02-25 15:21:04 +01:00
58a11356f4 Update Helm release openbao to v0.25.6 2026-02-25 00:01:01 +00:00
0bdef9f86e Update Helm release cert-manager-webhook-ovh to v0.9.2 2026-02-25 00:00:58 +00:00
61c0f8f0b7 Update Helm release cert-manager to v1.19.4 2026-02-25 00:00:56 +00:00
b4ba66dc18 Update caddy Docker tag to v2.11.1 2026-02-24 00:00:41 +00:00
74b2436694 Update Helm release immich to v1.1.1 2026-02-23 00:05:23 +00:00
719a87a6f5 add workaround for cert-manager-webhook-ovh 2026-02-22 20:07:24 +01:00
fe4e546d47 remove configVersion from cert-manager-webhook-ovh 2026-02-22 19:53:39 +01:00
85e83224dc Merge pull request 'Update Helm release cloudnative-pg to v0.27.1' (#130) from renovate/cloudnative-pg-0.x into fresh-start
Reviewed-on: #130
2026-02-22 18:50:44 +00:00
889ba49e6a Merge pull request 'Update renovate/renovate Docker tag to v43.31.1' (#131) from renovate/renovate-renovate-43.x into fresh-start
Reviewed-on: #131
2026-02-22 18:50:37 +00:00
0590c97717 Merge pull request 'Update Helm release cilium to v1.19.1' (#132) from renovate/cilium-1.x into fresh-start
Reviewed-on: #132
2026-02-22 18:50:30 +00:00
3c1b2da775 Merge pull request 'Update Helm release openbao to v0.25.5' (#135) from renovate/openbao-0.x into fresh-start
Reviewed-on: #135
2026-02-22 18:49:25 +00:00
2675b2f8eb Merge pull request 'Update Helm release cert-manager-webhook-ovh to v0.9.1' (#138) from renovate/cert-manager-webhook-ovh-0.x into fresh-start
Reviewed-on: #138
2026-02-22 18:49:13 +00:00
72d8d41e16 Merge pull request 'Update Helm release vault-secrets-operator to v1.3.0' (#137) from renovate/vault-secrets-operator-1.x into fresh-start
Reviewed-on: #137
2026-02-22 18:47:40 +00:00
31c809f3dd Merge pull request 'Update Helm release immich to v1.1.0' (#133) from renovate/immich-1.x into fresh-start
Reviewed-on: #133
2026-02-22 18:47:32 +00:00
f0c549a39e change router's ip to ::1 2026-02-22 19:24:05 +01:00
b66b08f151 update talos to 1.12.4 2026-02-22 18:42:55 +01:00
98e3050afa remove mayastor related talos config 2026-02-22 17:04:57 +01:00
fef37fca68 clean up old mayastor config 2026-02-22 16:23:35 +01:00
6fa292629c disable loki and alloy 2026-02-22 16:21:27 +01:00
95b52f3bf3 disable mayastor 2026-02-22 14:29:26 +01:00
d9a646b7fd remove mayastor storageclass, snapshotclass 2026-02-22 14:27:43 +01:00
7ac0029ced switch searxng persistent data to lvm hdd 2026-02-22 14:22:07 +01:00
2c11e4cec0 Update renovate/renovate Docker tag to v43.31.1 2026-02-22 00:00:43 +00:00
40613ce587 Update Helm release cert-manager-webhook-ovh to v0.9.1 2026-02-22 00:00:36 +00:00
b95c9e7c69 switch llama models dir to lvm hdd 2026-02-21 16:51:04 +01:00
05c28d0d46 add lvm hdd llama models pvc 2026-02-21 16:28:06 +01:00
09aeee2bd9 move openbao's data volume to lvm 2026-02-21 16:03:03 +01:00
d709989558 add lvm hdd openbao volume 2026-02-21 15:55:53 +01:00
93d1e579d3 remove docker registry 2026-02-21 15:17:29 +01:00
92bcd0ac34 clean up old library volume, postgres and redis 2026-02-21 15:14:34 +01:00
c1d08326f3 switch immich to new valkey 2026-02-21 15:12:23 +01:00
f9015ad561 add redis authentication 2026-02-21 15:11:29 +01:00
14d79a2cd0 add immich valkey server 2026-02-21 15:03:30 +01:00
da13987ce8 reconfigure immich to use new db 2026-02-21 14:37:54 +01:00
36aab3d935 add new postgres cluster 2026-02-21 14:30:04 +01:00
f50e8c10f7 migrate immich to new library pvc 2026-02-21 14:17:28 +01:00
3b3642faeb add new immich library volume 2026-02-21 13:52:36 +01:00
8a009bc117 add explicit volume for gitea valkey 2026-02-21 13:39:54 +01:00
868f96e390 migrate gitea shared storage to new volume 2026-02-21 13:25:53 +01:00
638fc960af add explicit gitea shared storage volume 2026-02-21 13:20:30 +01:00
1f77bd5176 remove old postgres cluster 2026-02-21 13:07:42 +01:00
ffd350afd0 migrate gitea to lvmhdd backed postgres 2026-02-21 13:05:34 +01:00
093208c3e4 fix fsType on gitea postgres volume 2026-02-21 12:40:20 +01:00
db07a48639 Update Helm release vault-secrets-operator to v1.3.0 2026-02-21 00:00:51 +00:00
f061fd0c81 Update Helm release openbao to v0.25.5 2026-02-21 00:00:45 +00:00
68c54e44fa fix storage class name on gitea postgres vol 2026-02-20 22:49:50 +01:00
3120e9ba60 add btrfs extension 2026-02-20 22:12:46 +01:00
e676b6524d Update Helm release immich to v1.1.0 2026-02-18 00:00:39 +00:00
5748f69dac Update Helm release cilium to v1.19.1 2026-02-18 00:00:36 +00:00
31d0559c57 add browse-pvc krew plugin 2026-02-18 00:04:30 +01:00
4b2d3faf2e use separate kubeconfig 2026-02-18 00:03:37 +01:00
31083e52bc Update Helm release cloudnative-pg to v0.27.1 2026-02-07 00:09:29 +00:00
b1f3337c98 Merge pull request 'Update redis Docker tag to v24.1.3' (#120) from renovate/redis-24.x into fresh-start
Reviewed-on: #120
2026-02-06 00:16:26 +00:00
e610e96d80 Merge pull request 'Update Helm release gitea to v12.5.0' (#122) from renovate/gitea-12.x into fresh-start
Reviewed-on: #122
2026-02-06 00:16:16 +00:00
c9997fb8a7 Merge pull request 'Update Helm release ingress-nginx to v4.14.3' (#123) from renovate/ingress-nginx-4.x into fresh-start
Reviewed-on: #123
2026-02-06 00:16:06 +00:00
b9cc44d7e8 Merge pull request 'Update Helm release openbao to v0.25.0' (#124) from renovate/openbao-0.x into fresh-start
Reviewed-on: #124
2026-02-06 00:15:58 +00:00
be884d07c6 Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.14.1' (#125) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start
Reviewed-on: #125
2026-02-06 00:15:28 +00:00
2875d84f33 Merge pull request 'Update alpine Docker tag to v3.23.3' (#126) from renovate/alpine-3.x into fresh-start
Reviewed-on: #126
2026-02-06 00:15:07 +00:00
573601a7ec Merge pull request 'Update Helm release immich to v1.0.12' (#127) from renovate/immich-1.x into fresh-start
Reviewed-on: #127
2026-02-06 00:14:59 +00:00
fb60744c5a Merge pull request 'Update renovate/renovate Docker tag to v43' (#128) from renovate/renovate-renovate-43.x into fresh-start
Reviewed-on: #128
2026-02-06 00:14:51 +00:00
52ca68c4ce Merge pull request 'Update Helm release cert-manager to v1.19.3' (#129) from renovate/cert-manager-1.x into fresh-start
Reviewed-on: #129
2026-02-06 00:14:42 +00:00
0934a1130a Update renovate/renovate Docker tag to v43 2026-02-06 00:01:36 +00:00
3d28650c1b add pv for new postgres' gitea cluster 2026-02-06 00:58:44 +01:00
15063c9885 add backup volume snapshot class for girea postgress 2026-02-06 00:27:45 +01:00
ba3cb2571c Update Helm release openbao to v0.25.0 2026-02-05 00:00:54 +00:00
5edaeb123c Update Helm release immich to v1.0.12 2026-02-05 00:00:43 +00:00
0dc37f69cb Update redis Docker tag to v24.1.3 2026-02-04 00:00:42 +00:00
777239ccb5 Update Helm release ingress-nginx to v4.14.3 2026-02-03 00:00:54 +00:00
352af6f386 Update Helm release cert-manager to v1.19.3 2026-02-03 00:00:50 +00:00
230197e3c6 move frigate deployment to new pvcs 2026-02-01 23:07:20 +01:00
0c5e22f538 add temporary frigate volume to migrate data 2026-02-01 20:11:25 +01:00
e79386b4a5 migrate from raw flake to devenv 2026-02-01 02:00:14 +01:00
8f4932132a Update alpine Docker tag to v3.23.3 2026-01-29 00:00:45 +00:00
bb6272b16e Update registry.k8s.io/coredns/coredns Docker tag to v1.14.1 2026-01-28 00:00:43 +00:00
3a71410c19 enable ts3 after copying files 2026-01-25 01:39:14 +01:00
e5af5c3945 add utility to run temporary pod with pvc mounted 2026-01-25 01:38:32 +01:00
6de56bfd10 add ispeak3 ts3 server 2026-01-25 01:07:35 +01:00
d70a704f89 Update Helm release gitea to v12.5.0 2026-01-24 00:00:54 +00:00
5df94c4656 add pv-migrate to tools 2026-01-19 00:12:44 +01:00
a6772893d0 delete old nas pvc and use new 2026-01-18 19:05:52 +01:00
ba31945337 add secondary nas volume 2026-01-18 18:59:30 +01:00
fcaa28c95a add lvmpv-hdd storage class 2026-01-18 18:53:35 +01:00
a40f9a046a enable openebs lvm-localpv controller 2026-01-18 00:31:52 +01:00
80ed3358e8 Merge pull request 'Update Helm release cilium to v1.18.6' (#116) from renovate/cilium-1.x into fresh-start
Reviewed-on: #116
2026-01-17 22:30:28 +00:00
eae4ff426c Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.13.2' (#118) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start
Reviewed-on: #118
2026-01-17 22:30:21 +00:00
0fadd95386 Merge pull request 'Update renovate/renovate Docker tag to v42.84.1' (#119) from renovate/renovate-renovate-42.x into fresh-start
Reviewed-on: #119
2026-01-17 22:30:11 +00:00
29e06c60eb Merge pull request 'Update Helm release immich to v1.0.9' (#117) from renovate/immich-1.x into fresh-start
Reviewed-on: #117
2026-01-17 22:29:59 +00:00
27ae162886 Update renovate/renovate Docker tag to v42.84.1 2026-01-17 22:29:20 +00:00
d96344b310 Update registry.k8s.io/coredns/coredns Docker tag to v1.13.2 2026-01-17 22:29:17 +00:00
e3483fcfe3 Update Helm release immich to v1.0.9 2026-01-17 22:29:14 +00:00
784b335f65 Update Helm release cilium to v1.18.6 2026-01-17 22:29:12 +00:00
9300e327df Merge pull request 'Update alpine Docker tag to v3.23.2' (#104) from renovate/alpine-3.x into fresh-start
Reviewed-on: #104
2026-01-17 22:21:11 +00:00
90fb555dc2 Merge pull request 'Update Helm release openebs to v4.4.0' (#109) from renovate/openebs-4.x into fresh-start
Reviewed-on: #109
2026-01-17 22:20:06 +00:00
78b3b6b400 Merge pull request 'Update redis Docker tag to v24' (#110) from renovate/redis-24.x into fresh-start
Reviewed-on: #110
2026-01-17 22:01:54 +00:00
90897daa27 Merge pull request 'Update Helm release cert-manager to v1.19.2' (#113) from renovate/cert-manager-1.x into fresh-start
Reviewed-on: #113
2026-01-17 22:00:51 +00:00
0368252850 Merge pull request 'Update Helm release openbao to v0.23.3' (#111) from renovate/openbao-0.x into fresh-start
Reviewed-on: #111
2026-01-17 22:00:42 +00:00
1503c57fbe Merge pull request 'Update Helm release ingress-nginx to v4.14.1' (#112) from renovate/ingress-nginx-4.x into fresh-start
Reviewed-on: #112
2026-01-17 21:59:35 +00:00
0f12840b35 Merge pull request 'Update Helm release cloudnative-pg to v0.27.0' (#114) from renovate/cloudnative-pg-0.x into fresh-start
Reviewed-on: #114
2026-01-17 21:59:24 +00:00
87a071925c Merge pull request 'Update Helm release vault-secrets-operator to v1.2.0' (#115) from renovate/vault-secrets-operator-1.x into fresh-start
Reviewed-on: #115
2026-01-17 21:57:21 +00:00
b6efe42dc2 disable librechat release, it's using bitnami's mongodb 2026-01-17 22:55:28 +01:00
d2cfd7b73d Merge pull request 'Update renovate/renovate Docker tag to v42.84.0' (#107) from renovate/renovate-renovate-42.x into fresh-start
Reviewed-on: #107
2026-01-17 21:35:55 +00:00
bf1cae3fc7 Update renovate/renovate Docker tag to v42.84.0 2026-01-17 21:34:32 +00:00
6712e94237 Update Helm release vault-secrets-operator to v1.2.0 2026-01-13 00:00:37 +00:00
6f8e10f3fc Update Helm release openbao to v0.23.3 2026-01-06 00:00:48 +00:00
3c04fd6b10 Update redis Docker tag to v24 2025-12-19 00:00:48 +00:00
ef353d635a Update alpine Docker tag to v3.23.2 2025-12-19 00:00:36 +00:00
0097d057d5 Update Helm release cloudnative-pg to v0.27.0 2025-12-10 00:00:36 +00:00
b454fc606f Update Helm release cert-manager to v1.19.2 2025-12-10 00:00:32 +00:00
7feb19b7fc update immich 2025-12-07 02:11:41 +01:00
b21f8e402b add abliterated versions of qwen3-vl 2025-12-06 23:33:56 +01:00
68f51b26b0 Update Helm release ingress-nginx to v4.14.1 2025-12-06 00:00:32 +00:00
1095d7ef4d Update Helm release openebs to v4.4.0 2025-11-22 00:00:29 +00:00
8d83c6dc83 increase free space limit on frigate to 24h and enable two-way sync 2025-11-17 01:43:17 +01:00
65e75a4d39 Add 8B and 2B variants of qwen3-vl 2025-11-15 22:21:10 +01:00
6c7457d095 fix Qwen3-VL-4B-Instruct-GGUF models looping issue 2025-11-15 20:40:27 +01:00
9b556e98a9 add qwen3-vl thinking variant 2025-11-15 19:31:53 +01:00
202ebc7b86 add qwen3-vl, fix librechat taking over settings and clean up llama config 2025-11-15 19:18:43 +01:00
ec61023f74 fix cache location after llama-swap update 2025-11-15 18:05:12 +01:00
05d3493bb7 update llama-swap 2025-11-15 17:57:46 +01:00
2a9f8c3092 Merge pull request 'Update Helm release cilium to v1.18.4' (#99) from renovate/cilium-1.x into fresh-start
Reviewed-on: #99
2025-11-15 16:49:56 +00:00
226ee59fa6 Merge pull request 'Update Helm release cloudnative-pg to v0.26.1' (#100) from renovate/cloudnative-pg-0.x into fresh-start
Reviewed-on: #100
2025-11-15 16:49:50 +00:00
c8f34c45ac Merge pull request 'Update Helm release openbao to v0.19.2' (#101) from renovate/openbao-0.x into fresh-start
Reviewed-on: #101
2025-11-15 16:49:41 +00:00
c0fa400159 Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.13.1' (#102) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start
Reviewed-on: #102
2025-11-15 16:49:31 +00:00
6ccb00e86e Merge pull request 'Update Helm release immich to v1.0.6' (#103) from renovate/immich-1.x into fresh-start
Reviewed-on: #103
2025-11-15 16:49:17 +00:00
7b8fb8d8bb Merge pull request 'Update Helm release ingress-nginx to v4.14.0' (#105) from renovate/ingress-nginx-4.x into fresh-start
Reviewed-on: #105
2025-11-15 16:48:24 +00:00
0ae3181267 Merge pull request 'Update renovate/renovate Docker tag to v42' (#106) from renovate/renovate-renovate-42.x into fresh-start
Reviewed-on: #106
2025-11-15 16:47:38 +00:00
c0d83249b9 Update renovate/renovate Docker tag to v42 2025-11-15 00:00:31 +00:00
974d70a39e Update Helm release cilium to v1.18.4 2025-11-13 00:00:23 +00:00
4518fc674a Update Helm release openbao to v0.19.2 2025-11-07 00:00:23 +00:00
c3912af26b Update Helm release immich to v1.0.6 2025-11-06 00:00:36 +00:00
797b97496e Update Helm release ingress-nginx to v4.14.0 2025-11-04 00:00:49 +00:00
29457af188 add nas deployment 2025-11-03 02:31:02 +01:00
2a8e56824e Update registry.k8s.io/coredns/coredns Docker tag to v1.13.1 2025-10-28 00:00:30 +00:00
f71794de4d Update Helm release cloudnative-pg to v0.26.1 2025-10-24 00:00:24 +00:00
f4a865ce7a update llama-swap docker image 2025-10-19 20:38:39 +02:00
e7b3b220aa Merge pull request 'Update caddy Docker tag to v2.10.2' (#89) from renovate/caddy-2.x into fresh-start
Reviewed-on: #89
2025-10-19 18:32:21 +00:00
0642d29ed5 Merge pull request 'Update Helm release cert-manager to v1.19.1' (#91) from renovate/cert-manager-1.x into fresh-start
Reviewed-on: #91
2025-10-19 18:31:37 +00:00
3f044670e0 Merge pull request 'Update renovate/renovate Docker tag to v41.152.7' (#93) from renovate/renovate-renovate-41.x into fresh-start
Reviewed-on: #93
2025-10-19 18:29:15 +00:00
122770b128 Merge pull request 'Update Helm release immich to v1' (#94) from renovate/immich-1.x into fresh-start
Reviewed-on: #94
2025-10-19 18:25:55 +00:00
d894d42129 Merge pull request 'Update Helm release openbao to v0.19.0' (#92) from renovate/openbao-0.x into fresh-start
Reviewed-on: #92
2025-10-19 18:23:55 +00:00
3426b1215d Merge pull request 'Update Helm release vault-secrets-operator to v1' (#95) from renovate/vault-secrets-operator-1.x into fresh-start
Reviewed-on: #95
2025-10-19 18:21:53 +00:00
73a189f4e8 Merge pull request 'Update redis Docker tag to v23' (#96) from renovate/redis-23.x into fresh-start
Reviewed-on: #96
2025-10-19 18:19:55 +00:00
4518cdda22 Update redis Docker tag to v23 2025-10-19 18:18:51 +00:00
3682e4d5bf Update Helm release vault-secrets-operator to v1 2025-10-19 18:18:49 +00:00
3135514f6d Update Helm release immich to v1 2025-10-19 18:18:47 +00:00
5e39cc9082 Update renovate/renovate Docker tag to v41.152.7 2025-10-19 18:18:45 +00:00
6eed078d30 Update Helm release openbao to v0.19.0 2025-10-19 18:18:42 +00:00
0bb805eaaa Update Helm release cert-manager to v1.19.1 2025-10-19 18:18:40 +00:00
c0f9670837 Update caddy Docker tag to v2.10.2 2025-10-19 18:18:35 +00:00
69728501e1 Merge pull request 'Update Helm release immich to v0.9.7' (#77) from renovate/immich-0.x into fresh-start
Reviewed-on: #77
2025-10-19 18:13:37 +00:00
0a516b3798 Merge pull request 'Update Helm release librechat to v1.9.1' (#79) from renovate/librechat-1.x into fresh-start
Reviewed-on: #79
2025-10-19 18:09:08 +00:00
c9bb63b373 Merge pull request 'Update Helm release openebs to v4.3.3' (#82) from renovate/openebs-4.x into fresh-start
Reviewed-on: #82
2025-10-19 18:04:21 +00:00
5b5043755d Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.13.0' (#83) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start
Reviewed-on: #83
2025-10-19 18:03:59 +00:00
e0fcaeaad4 Merge pull request 'Update Helm release ingress-nginx to v4.13.3' (#84) from renovate/ingress-nginx-4.x into fresh-start
Reviewed-on: #84
2025-10-19 18:00:46 +00:00
102efd1254 Merge pull request 'Update Helm release k8up to v4.8.6' (#85) from renovate/k8up-4.x into fresh-start
Reviewed-on: #85
2025-10-19 17:59:40 +00:00
5400c69771 Merge pull request 'Update Helm release cilium to v1.18.2' (#86) from renovate/cilium-1.x into fresh-start
Reviewed-on: #86
2025-10-19 17:57:55 +00:00
b6c70c9931 fix cert-manager-webhook-ovh config after update 2025-10-19 19:56:13 +02:00
2710996a19 Merge pull request 'Update Helm release cert-manager-webhook-ovh to v0.8.0' (#87) from renovate/cert-manager-webhook-ovh-0.x into fresh-start
Reviewed-on: #87
2025-10-19 17:52:55 +00:00
32f8ccfeb8 update values to current values schema 2025-10-19 19:49:54 +02:00
12aab2bf0e Merge pull request 'Update Helm release gitea to v12.4.0' (#88) from renovate/gitea-12.x into fresh-start
Reviewed-on: #88
2025-10-19 17:42:42 +00:00
957b6dab43 Update registry.k8s.io/coredns/coredns Docker tag to v1.13.0 2025-10-17 00:00:35 +00:00
d1b30c7e61 Update Helm release librechat to v1.9.1 2025-10-07 00:02:23 +00:00
d880c342a5 Update Helm release gitea to v12.4.0 2025-10-07 00:01:47 +00:00
ae38951164 Update Helm release k8up to v4.8.6 2025-10-04 00:00:49 +00:00
1e363acfca Update Helm release immich to v0.9.7 2025-10-01 00:00:41 +00:00
c78ca0933c Update Helm release ingress-nginx to v4.13.3 2025-10-01 00:00:30 +00:00
9a31c6bf15 Update Helm release cert-manager-webhook-ovh to v0.8.0 2025-09-25 00:00:28 +00:00
45aa92fe10 Update Helm release cilium to v1.18.2 2025-09-25 00:00:22 +00:00
708ffe203c Add Qwen2.5-VL models 2025-09-13 02:42:21 +02:00
e2c75d2f22 Update Helm release openebs to v4.3.3 2025-08-29 00:00:57 +00:00
3ceec2f10c Merge pull request 'Update renovate/renovate Docker tag to v41.82.10' (#66) from renovate/renovate-renovate-41.x into fresh-start
Reviewed-on: #66
2025-08-25 00:33:25 +00:00
95cfbfbe66 Update renovate/renovate Docker tag to v41.82.10 2025-08-25 00:32:46 +00:00
bf9aefb44a remove ollama 2025-08-25 02:30:47 +02:00
5ffb171821 Merge pull request 'Update Helm release gitea to v12.2.0' (#67) from renovate/gitea-12.x into fresh-start
Reviewed-on: #67
2025-08-25 00:23:50 +00:00
a35116aa31 Merge pull request 'Update redis Docker tag to v22' (#70) from renovate/redis-22.x into fresh-start
Reviewed-on: #70
2025-08-25 00:23:19 +00:00
b32337a2ba Merge pull request 'Update Helm release ingress-nginx to v4.13.1' (#71) from renovate/ingress-nginx-4.x into fresh-start
Reviewed-on: #71
2025-08-25 00:22:58 +00:00
d27b43715c Merge pull request 'Update Helm release immich to v0.7.5' (#73) from renovate/immich-0.x into fresh-start
Reviewed-on: #73
2025-08-25 00:22:24 +00:00
4b0ce7a2e3 Merge pull request 'Update Helm release openbao to v0.16.3' (#75) from renovate/openbao-0.x into fresh-start
Reviewed-on: #75
2025-08-25 00:22:18 +00:00
7f2ef7270c Merge pull request 'Update Helm release cloudnative-pg to v0.26.0' (#72) from renovate/cloudnative-pg-0.x into fresh-start
Reviewed-on: #72
2025-08-25 00:18:53 +00:00
73a9b275a7 Merge pull request 'Update Helm release cilium to v1.18.1' (#74) from renovate/cilium-1.x into fresh-start
Reviewed-on: #74
2025-08-25 00:17:27 +00:00
8a61a936c6 Update redis Docker tag to v22 2025-08-24 00:00:34 +00:00
1c2f77927f Update Helm release immich to v0.7.5 2025-08-23 00:00:29 +00:00
4f5b25d910 increase frigate config volume to 5Gi 2025-08-22 16:59:46 +02:00
7c5fafd54e Update Helm release openbao to v0.16.3 2025-08-22 00:00:30 +00:00
de11ec0d1b Update Helm release gitea to v12.2.0 2025-08-20 00:00:40 +00:00
07c32643e7 add searxng 2025-08-18 03:26:54 +02:00
9c61d47fda add qwen3-4b-2507 model 2025-08-18 02:50:46 +02:00
0f24f1dd7b Update Helm release cilium to v1.18.1 2025-08-16 00:00:28 +00:00
83e5cada3f decreate mtu on anapistuala delrosalae to 1280, hack 2025-08-15 20:56:12 +02:00
ccf6302924 Update Helm release cloudnative-pg to v0.26.0 2025-08-14 00:00:36 +00:00
5eb0362788 Update Helm release ingress-nginx to v4.13.1 2025-08-13 00:00:40 +00:00
0985832c2d disable gpu accel in frigate 2025-08-11 20:24:32 +02:00
db86abff25 remove old nginx ingress controller 2025-08-03 19:14:11 +02:00
a1b40a6a21 Revert "add cameras vlan"
This reverts commit 9269f21692.
2025-08-03 18:42:17 +02:00
444c4faf96 move all ingresses to new nginx ingress 2025-08-03 18:17:37 +02:00
9f304af879 update gitea to new ingress 2025-08-03 17:59:54 +02:00
c0524510b8 add nginx-ingress 2025-08-03 17:40:25 +02:00
a26a351396 update llama-swap 2025-08-03 17:16:25 +02:00
9269f21692 add cameras vlan 2025-08-03 16:39:38 +02:00
9d6a9ff304 Merge pull request 'Update Helm release immich to v0.7.2' (#65) from renovate/immich-0.x into fresh-start
Reviewed-on: #65
2025-08-03 14:00:33 +00:00
3cd094007e Merge pull request 'Update renovate/renovate Docker tag to v41.51.0' (#61) from renovate/renovate-renovate-41.x into fresh-start
Reviewed-on: #61
2025-08-03 14:00:19 +00:00
94a57daaf8 Merge pull request 'Update Helm release cilium to v1.18.0' (#62) from renovate/cilium-1.x into fresh-start
Reviewed-on: #62
2025-08-03 14:00:00 +00:00
6fec8d29a6 Update renovate/renovate Docker tag to v41.51.0 2025-08-03 00:00:50 +00:00
3a94da6021 Update Helm release immich to v0.7.2 2025-08-03 00:00:45 +00:00
70511ff9bc Merge pull request 'Update Helm release ollama to v1.25.0' (#63) from renovate/ollama-1.x into fresh-start
Reviewed-on: #63
2025-08-02 14:29:07 +00:00
e8b37d90d8 Merge pull request 'Update Helm release immich to v0.7.1' (#64) from renovate/immich-0.x into fresh-start
Reviewed-on: #64
2025-08-02 14:28:59 +00:00
30b7a78360 Update Helm release immich to v0.7.1 2025-08-02 00:01:07 +00:00
2561b354d1 Update Helm release ollama to v1.25.0 2025-07-30 00:00:32 +00:00
949d8b11db Update Helm release cilium to v1.18.0 2025-07-30 00:00:29 +00:00
6c46b20dba fix nginx disconnecting too fast 2025-07-29 19:49:15 +02:00
f0f9cb4d34 fix api endpoint in librechat 2025-07-29 18:54:07 +02:00
8386e21722 fix image upload in librechat 2025-07-29 18:50:13 +02:00
c871dae045 change chart source and update librechat 2025-07-29 18:36:19 +02:00
70e4967497 increase immich uploads volume 2025-07-29 04:16:28 +02:00
8e68c45573 allow websockets to immich 2025-07-29 03:25:43 +02:00
c4628523bc llama automatic unloading and longer start timeout 2025-07-29 02:31:39 +02:00
071e87ee44 disable warmups 2025-07-29 02:24:14 +02:00
9e17aadb56 add gemma3 model 2025-07-29 02:22:52 +02:00
3ca4ddc233 use immich chart provided ingress 2025-07-29 00:50:44 +02:00
215a2ac1fb Merge pull request 'Update Helm release cloudnative-pg to v0.25.0' (#59) from renovate/cloudnative-pg-0.x into fresh-start
Reviewed-on: #59
2025-07-28 22:46:07 +00:00
5b8a861daa Merge pull request 'Update renovate/renovate Docker tag to v41.43.5' (#58) from renovate/renovate-renovate-41.x into fresh-start
Reviewed-on: #58
2025-07-28 22:45:53 +00:00
319e3bafbe Merge pull request 'Update Helm release immich to v0.7.0' (#60) from renovate/immich-0.x into fresh-start
Reviewed-on: #60
2025-07-28 22:45:29 +00:00
ad1c60a049 Update Helm release immich to v0.7.0 2025-07-28 00:00:34 +00:00
41020f8c79 install immich 2025-07-27 22:38:45 +02:00
60c7dd4bdc Update renovate/renovate Docker tag to v41.43.5 2025-07-27 00:00:38 +00:00
0fde3108d6 move llama models to ssd 2025-07-26 17:54:23 +02:00
a299c2cc2b add ssd 2025-07-26 17:52:34 +02:00
a4ea45a39c Update Helm release cloudnative-pg to v0.25.0 2025-07-26 00:03:30 +00:00
30bae60308 fix immich postgres cluster 2025-07-25 23:09:58 +02:00
2f3b7af0da redis for immich 2025-07-25 22:43:21 +02:00
30efd5ae6e Merge pull request 'Update renovate/renovate Docker tag to v41.43.2' (#57) from renovate/renovate-renovate-41.x into fresh-start
Reviewed-on: #57
2025-07-25 20:15:37 +00:00
0e1279473f Update renovate/renovate Docker tag to v41.43.2 2025-07-25 00:00:45 +00:00
718a0d7e33 add immich 2025-07-24 02:50:34 +02:00
9765f1cf86 add gemma3n 2025-07-23 23:46:44 +02:00
5f3a00b382 add qwen3 no thinking 2025-07-23 22:56:52 +02:00
b379c181f2 increase context size 2025-07-23 22:06:45 +02:00
e1801347f2 add qwen3 2025-07-23 20:15:37 +02:00
d53db88fd2 gpu offload in llama.cpp 2025-07-23 19:55:48 +02:00
5fb2bcfc7e add llama.cpp to librechat 2025-07-23 19:19:43 +02:00
f5da3b52a2 Merge pull request 'Update Helm release ollama to v1.24.0' (#53) from renovate/ollama-1.x into fresh-start
Reviewed-on: #53
2025-07-23 17:13:28 +00:00
c3dbb0a608 Merge pull request 'Update Helm release openbao to v0.16.2' (#52) from renovate/openbao-0.x into fresh-start
Reviewed-on: #52
2025-07-23 17:13:09 +00:00
a520c62277 Merge pull request 'Update renovate/renovate Docker tag to v41.42.9' (#51) from renovate/renovate-renovate-41.x into fresh-start
Reviewed-on: #51
2025-07-23 17:12:49 +00:00
6cf45eda17 Merge pull request 'Update Helm release cilium to v1.17.6' (#55) from renovate/cilium-1.x into fresh-start
Reviewed-on: #55
2025-07-23 17:12:35 +00:00
753d43b643 Merge pull request 'Update Helm release nginx-ingress to v2.2.1' (#54) from renovate/nginx-ingress-2.x into fresh-start
Reviewed-on: #54
2025-07-23 17:12:11 +00:00
263b60018d Merge pull request 'Update Helm release gitea to v12.1.2' (#56) from renovate/gitea-12.x into fresh-start
Reviewed-on: #56
2025-07-23 17:10:14 +00:00
0816b6e434 Update renovate/renovate Docker tag to v41.42.9 2025-07-23 00:01:56 +00:00
18eb912f03 llama-swap 2025-07-23 00:18:45 +02:00
a2c23c5f97 Update Helm release gitea to v12.1.2 2025-07-20 00:00:54 +00:00
15ce411c3e Update Helm release nginx-ingress to v2.2.1 2025-07-18 00:00:57 +00:00
04a8c98d63 Update Helm release cilium to v1.17.6 2025-07-17 00:00:45 +00:00
f46219f87e Update Helm release ollama to v1.24.0 2025-07-13 00:00:52 +00:00
53154eeed7 adjust motion masks 2025-07-10 22:06:58 +02:00
2ad310c550 Update Helm release openbao to v0.16.2 2025-07-10 00:00:37 +00:00
d32d94eb00 introduce person mask 2025-07-07 00:02:09 +02:00
5b62f7e386 Merge pull request 'Update renovate/renovate Docker tag to v41.23.1' (#48) from renovate/renovate-renovate-41.x into fresh-start
Reviewed-on: #48
2025-07-06 18:40:21 +00:00
52124193e2 Merge pull request 'Update Helm release ollama to v1.23.0' (#49) from renovate/ollama-1.x into fresh-start
Reviewed-on: #49
2025-07-06 18:40:12 +00:00
0f8ee9e53d Merge pull request 'Update Helm release cert-manager to v1.18.2' (#50) from renovate/cert-manager-1.x into fresh-start
Reviewed-on: #50
2025-07-06 18:40:05 +00:00
122c70d0a8 fix config validation error 2025-07-06 20:06:30 +02:00
5463d76771 run renovate once daily 2025-07-06 20:03:42 +02:00
60f2056806 update nix flake 2025-07-06 19:48:03 +02:00
6119ac7271 Update renovate/renovate Docker tag to v41.23.1 2025-07-06 17:00:32 +00:00
1a01f82e30 tune detection objects and retention 2025-07-06 18:58:29 +02:00
74c9ddad62 add motion mask on cameras 2025-07-06 18:15:41 +02:00
caf62609d3 Update Helm release ollama to v1.23.0 2025-07-05 05:00:41 +00:00
d5622416de Update Helm release cert-manager to v1.18.2 2025-07-02 14:00:59 +00:00
4183831d2f fix expanding volumes 2025-06-30 18:40:14 +02:00
ae6ed770a9 increase storage for recordings 2025-06-30 18:34:57 +02:00
59d936d467 enable audio in recordings frigate 2025-06-30 00:02:09 +02:00
9b56ce5e4f switch to openvino cpu detector 2025-06-29 22:44:17 +02:00
2424ad440b enable hwaccel in frigate 2025-06-29 20:33:42 +02:00
dff138ba31 use go2rtc restream to remove need for two streams from camera 2025-06-29 17:25:18 +02:00
d95eb6f4ab Configure frigate webrtc 2025-06-29 02:10:41 +02:00
5252f209f5 enable ingress to frigate 2025-06-29 01:14:26 +02:00
e7348b2718 add cameras to frigate 2025-06-29 00:34:01 +02:00
c7cd2c5355 add frigate nvr 2025-06-28 02:41:52 +02:00
71e75afadb Merge pull request 'Update Helm release cert-manager-webhook-ovh to v0.7.5' (#39) from renovate/cert-manager-webhook-ovh-0.x into fresh-start
Reviewed-on: #39
2025-06-28 00:06:37 +00:00
23169aa2ca Merge pull request 'Update Helm release cloudnative-pg to v0.24.0' (#38) from renovate/cloudnative-pg-0.x into fresh-start
Reviewed-on: #38
2025-06-28 00:06:30 +00:00
d8aa0a6a32 Merge pull request 'Update Helm release ollama to v1.21.0' (#40) from renovate/ollama-1.x into fresh-start
Reviewed-on: #40
2025-06-27 23:59:33 +00:00
a6630c0376 fix openbao injector not starting 2025-06-28 01:57:25 +02:00
9056839784 Merge pull request 'Update Helm release openbao to v0.16.1' (#41) from renovate/openbao-0.x into fresh-start
Reviewed-on: #41
2025-06-27 23:47:11 +00:00
1f8afa2f8e Merge pull request 'Update Helm release cert-manager to v1.18.1' (#42) from renovate/cert-manager-1.x into fresh-start
Reviewed-on: #42
2025-06-27 23:46:30 +00:00
e7b22509cd Merge pull request 'Update renovate/renovate Docker tag to v41' (#47) from renovate/renovate-renovate-41.x into fresh-start
Reviewed-on: #47
2025-06-27 23:42:09 +00:00
e39574b60e Update renovate/renovate Docker tag to v41 2025-06-27 23:41:30 +00:00
197ceb6688 fix openebs after update 2025-06-28 01:37:40 +02:00
3e95a5edd1 Merge pull request 'Update Helm release openebs to v4.3.2' (#43) from renovate/openebs-4.x into fresh-start
Reviewed-on: #43
2025-06-27 21:38:27 +00:00
10fe51f52d Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.12.2' (#44) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start
Reviewed-on: #44
2025-06-27 21:33:44 +00:00
e197cf5e5e Merge pull request 'Update Helm release gitea to v12.1.1' (#45) from renovate/gitea-12.x into fresh-start
Reviewed-on: #45
2025-06-27 21:31:42 +00:00
c54109dbf3 Merge pull request 'Update Helm release cilium to v1.17.5' (#46) from renovate/cilium-1.x into fresh-start
Reviewed-on: #46
2025-06-27 21:29:36 +00:00
5a97e4b1d8 Update Helm release openebs to v4.3.2 2025-06-27 20:28:16 +00:00
12cdfd96e2 Update Helm release openbao to v0.16.1 2025-06-27 20:28:13 +00:00
7d2056b3ee Update Helm release ollama to v1.21.0 2025-06-27 20:28:09 +00:00
35e579fc01 Update Helm release gitea to v12.1.1 2025-06-27 20:28:01 +00:00
302613b76a Update Helm release cert-manager to v1.18.1 2025-06-27 20:27:56 +00:00
89542df777 Update Helm release cilium to v1.17.5 2025-06-27 20:27:51 +00:00
233466e2cd Update Helm release cert-manager-webhook-ovh to v0.7.5 2025-06-27 20:27:48 +00:00
461f0589b3 Update registry.k8s.io/coredns/coredns Docker tag to v1.12.2 2025-06-16 09:00:47 +00:00
5c16cd3a4b Update Helm release cloudnative-pg to v0.24.0 2025-05-23 14:00:45 +00:00
5cd5263d19 Merge pull request 'Update Helm release cilium to v1.17.4' (#34) from renovate/cilium-1.x into fresh-start
Reviewed-on: #34
2025-05-17 22:00:56 +00:00
a886e7c79c Merge pull request 'Update renovate/renovate Docker tag to v40.14.3' (#33) from renovate/renovate-renovate-40.x into fresh-start
Reviewed-on: #33
2025-05-17 22:00:49 +00:00
dd676716f9 fix valkey persistence in gitea chart 2025-05-17 23:54:04 +02:00
110ffa9c22 Merge pull request 'Update Helm release gitea to v12' (#35) from renovate/gitea-12.x into fresh-start
Reviewed-on: #35
2025-05-17 21:46:57 +00:00
6ed7d61e21 rename mentions of redis to valkey in gitea 2025-05-17 23:46:35 +02:00
051083cd6e Merge pull request 'Update Helm release ollama to v1.17.0' (#36) from renovate/ollama-1.x into fresh-start
Reviewed-on: #36
2025-05-17 21:40:40 +00:00
87f2446cd1 move ollama api key to valut 2025-05-17 23:32:33 +02:00
faa55fa069 move ovh cert-manager secret to vault 2025-05-17 23:12:42 +02:00
af29de91d6 move renovate gitea token to vault 2025-05-17 22:58:43 +02:00
5f3a775201 move some settings of renovate to configmap 2025-05-17 22:45:43 +02:00
81f750e5e5 Update renovate/renovate Docker tag to v40.14.3 2025-05-17 19:00:49 +00:00
641e50b5e9 Update Helm release ollama to v1.17.0 2025-05-17 03:00:44 +00:00
3fe8626391 Update Helm release gitea to v12 2025-05-16 14:00:56 +00:00
94f851c607 Update Helm release cilium to v1.17.4 2025-05-15 19:00:42 +00:00
d2134ad554 Merge pull request 'Update renovate/renovate Docker tag to v40.11.6' (#32) from renovate/renovate-renovate-40.x into fresh-start
Reviewed-on: #32
2025-05-12 00:16:15 +00:00
22910085b7 add vault secret of gitea backups 2025-05-12 02:08:32 +02:00
6a4dee0852 add vault secrets operator 2025-05-12 02:05:36 +02:00
49d5803b4f add external-secrets 2025-05-12 00:42:56 +02:00
b5c51f6720 Update renovate/renovate Docker tag to v40.11.6 2025-05-11 11:00:42 +00:00
3a8dbc6e0c Merge pull request 'Update Helm release ollama to v1.16.0' (#30) from renovate/ollama-1.x into fresh-start
Reviewed-on: #30
2025-05-10 00:13:08 +00:00
ead8be8bcb Merge pull request 'Update Helm release cert-manager to v1.17.2' (#28) from renovate/cert-manager-1.x into fresh-start
Reviewed-on: #28
2025-05-10 00:13:02 +00:00
f027dad029 Merge pull request 'Update caddy Docker tag to v2.10.0' (#26) from renovate/caddy-2.x into fresh-start
Reviewed-on: #26
2025-05-10 00:12:41 +00:00
e35b8ccac8 Merge pull request 'Update Helm release librechat to v1.8.10' (#29) from renovate/librechat-1.x into fresh-start
Reviewed-on: #29
2025-05-10 00:12:32 +00:00
f69128b245 Merge pull request 'Update renovate/renovate Docker tag to v40' (#31) from renovate/renovate-renovate-40.x into fresh-start
Reviewed-on: #31
2025-05-10 00:12:02 +00:00
d14b62f384 pin cores to minimum frequency 2025-05-10 01:43:20 +02:00
ab7b8a6f26 Update renovate/renovate Docker tag to v40 2025-05-09 13:00:22 +00:00
8acc480b05 Update Helm release ollama to v1.16.0 2025-05-06 02:00:31 +00:00
65834037ee Update Helm release librechat to v1.8.10 2025-04-24 19:00:25 +00:00
1bf63168f2 Update Helm release cert-manager to v1.17.2 2025-04-24 12:00:33 +00:00
b3db332075 Update caddy Docker tag to v2.10.0 2025-04-22 01:00:33 +00:00
b84c792992 add basedpyright and make it happy 2025-04-22 02:42:16 +02:00
947f154a81 use nix provided python as default interpreter 2025-04-21 23:01:58 +02:00
1a88b1c602 synchronize kubernetes auth method in recoincile script 2025-04-21 22:09:13 +02:00
55fce1fc36 gitea switch to database from cloudnativepg 2025-04-21 21:16:02 +02:00
bb4afc0c07 increase ollama proxy-read-timeout on ingress 2025-04-21 19:59:03 +02:00
eb92a85cac fix apps kustomization 2025-04-21 17:54:30 +02:00
8f70ae5f2e Merge pull request 'Update renovate/renovate Docker tag to v39.253.2' (#22) from renovate/renovate-renovate-39.x into fresh-start
Reviewed-on: #22
2025-04-21 15:52:55 +00:00
f89a2fd1cc Merge pull request 'Update Helm release cilium to v1.17.3' (#23) from renovate/cilium-1.x into fresh-start
Reviewed-on: #23
2025-04-21 15:52:34 +00:00
b493ee9d77 Merge pull request 'Update Helm release nginx-ingress to v2.1.0' (#25) from renovate/nginx-ingress-2.x into fresh-start
Reviewed-on: #25
2025-04-21 15:52:19 +00:00
8de0663571 Merge pull request 'Update Helm release openbao to v0.12.0' (#24) from renovate/openbao-0.x into fresh-start
Reviewed-on: #24
2025-04-21 15:52:09 +00:00
3fc534f44b remove gpt-researcher 2025-04-21 17:48:08 +02:00
1c8ccd0fc4 Update renovate/renovate Docker tag to v39.253.2 2025-04-21 10:00:40 +00:00
847fd3557b use tavily and openrouter in gpt researcher 2025-04-20 03:06:46 +02:00
d2c2f5038f change models used by gpt-researcher 2025-04-20 00:19:34 +02:00
afb9dcec65 enable support for websockets for researcher 2025-04-19 05:21:29 +02:00
ba51980cec use our own image for gpt researcher 2025-04-19 04:49:55 +02:00
e0eb26b63d add docker registry 2025-04-19 04:43:27 +02:00
eda5ba08a0 add gpt-researcher 2025-04-19 04:07:21 +02:00
318aedf89d update network config 2025-04-17 22:35:53 +02:00
7b9090afc1 Update Helm release nginx-ingress to v2.1.0 2025-04-16 15:00:30 +00:00
a109290c18 increase ollama proxy timeout 2025-04-15 23:28:03 +02:00
f4b9742ab1 Update Helm release openbao to v0.12.0 2025-04-15 20:00:29 +00:00
b103358816 Update Helm release cilium to v1.17.3 2025-04-14 21:00:32 +00:00
46cacb339d Merge pull request 'Update renovate/renovate Docker tag to v39.240.1' (#18) from renovate/renovate-renovate-39.x into fresh-start
Reviewed-on: #18
2025-04-13 00:13:01 +00:00
1e7dd52721 Merge pull request 'Update Helm release ollama to v1.14.0' (#19) from renovate/ollama-1.x into fresh-start
Reviewed-on: #19
2025-04-13 00:12:53 +00:00
044cc37392 Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.12.1' (#20) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start
Reviewed-on: #20
2025-04-13 00:07:17 +00:00
68ba891abc Merge pull request 'Update Helm release community-operator to v0.13.0' (#21) from renovate/community-operator-0.x into fresh-start
Reviewed-on: #21
2025-04-13 00:07:04 +00:00
81ed455ff8 Update renovate/renovate Docker tag to v39.240.1 2025-04-12 19:00:28 +00:00
b7c2da4419 Update Helm release community-operator to v0.13.0 2025-04-11 19:00:24 +00:00
4bc01e2e78 disable proxy bufferring in ollama ingress 2025-04-11 03:24:45 +02:00
94d51de471 Update registry.k8s.io/coredns/coredns Docker tag to v1.12.1 2025-04-08 20:00:30 +00:00
dc0104c55d Update Helm release ollama to v1.14.0 2025-04-08 13:00:44 +00:00
83be6619e8 deploy gitea postgres cluster 2025-04-05 22:34:57 +02:00
48ccacefdd Fix librechat kustomization typo 2025-04-05 22:12:40 +02:00
cfeef90515 Split renovate deployment to files 2025-04-05 22:11:37 +02:00
ce0bef4970 Split librechat deployment to files 2025-04-05 22:09:59 +02:00
bd5fd97ed0 split ollama deployment to files 2025-04-05 22:08:02 +02:00
52641779bc split gitea deployment to files 2025-04-05 22:01:53 +02:00
e98e02705d Move gitea kustomization to subdir 2025-04-05 20:22:29 +02:00
3c849f52f7 install cloudnativepg 2025-04-05 20:05:54 +02:00
36187fff41 Merge pull request 'Update renovate/renovate Docker tag to v39.233.3' (#15) from renovate/renovate-renovate-39.x into fresh-start
Reviewed-on: #15
2025-04-05 13:37:14 +00:00
1ac7504585 Merge pull request 'Update Helm release community-operator to v0.12.1' (#16) from renovate/community-operator-0.x into fresh-start
Reviewed-on: #16
2025-04-05 13:36:59 +00:00
879c013e89 Merge pull request 'Update Helm release ollama to v1.13.0' (#17) from renovate/ollama-1.x into fresh-start
Reviewed-on: #17
2025-04-05 13:36:35 +00:00
aa7fe8d3cf enable search in librechat 2025-04-05 03:56:02 +02:00
fd280f1fca add ingress to librechat 2025-04-05 03:54:11 +02:00
2ad381e35c Install librechat from different chart 2025-04-05 02:59:41 +02:00
e63a285dc3 Remove old librechat deployment 2025-04-04 23:01:49 +02:00
5336df3134 Update renovate/renovate Docker tag to v39.233.3 2025-04-04 12:00:48 +00:00
966639e3c8 Update Helm release ollama to v1.13.0 2025-04-04 04:00:32 +00:00
97924a8064 Update Helm release community-operator to v0.12.1 2025-04-01 09:00:25 +00:00
37b78f079e Add librechat 2025-04-01 02:55:59 +02:00
0d17825eab Add mongodb database for librechat 2025-04-01 00:35:50 +02:00
ffeecf65f6 Mongodb operator 2025-03-31 23:38:58 +02:00
fea49ae167 Merge pull request 'Update renovate/renovate Docker tag to v39.221.0' (#14) from renovate/renovate-renovate-39.x into fresh-start
Reviewed-on: #14
2025-03-30 16:31:27 +00:00
6b6e7937c1 Update renovate/renovate Docker tag to v39.221.0 2025-03-30 13:00:33 +00:00
487baa2813 vulkan support in ollama 2025-03-30 03:05:51 +02:00
fe2f79d13c Disable flux network policy 2025-03-29 23:12:35 +01:00
c3a747c03c Merge pull request 'Update renovate/renovate Docker tag to v39.220.4' (#12) from renovate/renovate-renovate-39.x into fresh-start
Reviewed-on: #12
2025-03-29 22:10:11 +00:00
f1f6ffb9a0 Merge pull request 'Update Helm release ollama to v1.12.0' (#13) from renovate/ollama-1.x into fresh-start
Reviewed-on: #13
2025-03-29 22:10:03 +00:00
e851f6ab8c Update Helm release ollama to v1.12.0 2025-03-29 17:00:29 +00:00
2ecd20c9d7 Update renovate/renovate Docker tag to v39.220.4 2025-03-29 14:00:39 +00:00
bdb3bd3234 Ollama proxy fix secret ref 2025-03-27 01:47:23 +01:00
47e957e444 add cert-manager annotation to ollama ingress 2025-03-27 01:34:23 +01:00
b2dfb2dc0b disable https for caddy 2025-03-27 01:32:37 +01:00
6ccc964c87 add ollama proxy and ingress 2025-03-27 01:30:12 +01:00
5c7b258ccf Merge pull request 'Update renovate/renovate Docker tag to v39.218.1' (#10) from renovate/renovate-renovate-39.x into fresh-start
Reviewed-on: #10
2025-03-26 23:13:23 +00:00
351426f055 Merge pull request 'Update Helm release gitea to v11.0.1' (#11) from renovate/gitea-11.x into fresh-start
Reviewed-on: #11
2025-03-26 23:12:11 +00:00
ca598f9750 Update Helm release gitea to v11.0.1 2025-03-26 18:00:58 +00:00
0cb93ce8a1 Update renovate/renovate Docker tag to v39.218.1 2025-03-26 17:00:31 +00:00
6fde991ba9 add ollama deployment 2025-03-26 02:17:53 +01:00
5f3840cc02 Reapply "Merge pull request 'Update Helm release gitea to v11' (#9) from renovate/gitea-11.x into fresh-start"
This reverts commit d9a22723ef.
2025-03-26 01:48:36 +01:00
d9a22723ef Revert "Merge pull request 'Update Helm release gitea to v11' (#9) from renovate/gitea-11.x into fresh-start"
This reverts commit f97a655ad5, reversing
changes made to f36ce88026.
2025-03-26 01:16:23 +01:00
f97a655ad5 Merge pull request 'Update Helm release gitea to v11' (#9) from renovate/gitea-11.x into fresh-start
Reviewed-on: #9
2025-03-26 00:07:23 +00:00
c2aacd0ef4 Remove custom gitea tag from values 2025-03-26 01:06:24 +01:00
f36ce88026 Merge pull request 'Update Helm release openebs to v4.2.0' (#7) from renovate/openebs-4.x into fresh-start
Reviewed-on: #7
2025-03-26 00:01:50 +00:00
d19d332b59 Merge pull request 'Update renovate/renovate Docker tag to v39.216.1' (#8) from renovate/renovate-renovate-39.x into fresh-start
Reviewed-on: #8
2025-03-26 00:00:00 +00:00
5cf9de7997 renovate improve yaml matching 2025-03-26 00:58:03 +01:00
3c84632a2d Merge pull request 'Update Helm release openbao to v0.10.1' (#6) from renovate/openbao-0.x into fresh-start
Reviewed-on: #6
2025-03-25 23:54:58 +00:00
14bcc8546c Merge pull request 'Update Helm release k8up to v4.8.4' (#4) from renovate/k8up-4.x into fresh-start
Reviewed-on: #4
2025-03-25 23:53:54 +00:00
ca8a63fdbe Merge pull request 'Update Helm release cert-manager to v1.17.1' (#3) from renovate/cert-manager-1.x into fresh-start
Reviewed-on: #3
2025-03-25 23:44:47 +00:00
3a46d17f02 Update Helm release gitea to v11 2025-03-25 23:42:27 +00:00
add851ee9e Update renovate/renovate Docker tag to v39.216.1 2025-03-25 23:42:26 +00:00
edbfd26bde Update Helm release openebs to v4.2.0 2025-03-25 23:42:25 +00:00
dea0dfb7cc Update Helm release openbao to v0.10.1 2025-03-25 23:42:24 +00:00
874fc826cd Update Helm release k8up to v4.8.4 2025-03-25 23:42:21 +00:00
33cb5c72c7 Update Helm release cert-manager to v1.17.1 2025-03-25 23:42:20 +00:00
31df54fcf0 Merge pull request 'Configure Renovate' (#2) from renovate/configure into fresh-start
Reviewed-on: #2
2025-03-25 23:41:34 +00:00
69 changed files with 102 additions and 1748 deletions

1
.gitignore vendored
@@ -10,4 +10,3 @@ devenv.local.yaml
# pre-commit
.pre-commit-config.yaml
.opencode

@@ -2,7 +2,6 @@
"recommendations": [
"jnoortheen.nix-ide",
"detachhead.basedpyright",
"mkhl.direnv",
"mermaidchart.vscode-mermaid-chart"
"mkhl.direnv"
]
}

@@ -1,15 +0,0 @@
when:
- event: push
branch: fresh-start
steps:
- name: build
image: debian
commands:
- echo "This is the build step"
- echo "echo hello world" > executable
- name: a-test-step
image: golang:1.16
commands:
- echo "Testing ..."
- sh executable

@@ -1,7 +1,3 @@
SHELL := /usr/bin/env bash
.PHONY: install-router gen-talos-config apply-talos-config get-kubeconfig garm-image-build garm-image-push garm-image-build-push
install-router:
ansible-playbook ansible/playbook.yml -i ansible/hosts
@@ -27,19 +23,3 @@ apply-talos-config:
get-kubeconfig:
talosctl -n anapistula-delrosalae kubeconfig talos/generated/kubeconfig
garm-image-build:
set -euo pipefail; \
source apps/garm/image-source.env; \
docker build \
-f docker/garm/Dockerfile \
--build-arg GARM_COMMIT=$$GARM_COMMIT \
-t $$GARM_IMAGE \
.
garm-image-push:
set -euo pipefail; \
source apps/garm/image-source.env; \
docker push $$GARM_IMAGE
garm-image-build-push: garm-image-build garm-image-push

@@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- postgres-volume.yaml
- postgres-cluster.yaml
- secret.yaml
- release.yaml

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: authentik

@@ -1,23 +0,0 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: authentik-postgresql-cluster-lvmhdd
namespace: authentik
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
bootstrap:
initdb:
database: authentik
owner: authentik
storage:
pvcTemplate:
storageClassName: hdd-lvmpv
resources:
requests:
storage: 10Gi
volumeName: authentik-postgresql-cluster-lvmhdd-1

@@ -1,33 +0,0 @@
apiVersion: local.openebs.io/v1alpha1
kind: LVMVolume
metadata:
labels:
kubernetes.io/nodename: anapistula-delrosalae
name: authentik-postgresql-cluster-lvmhdd-1
namespace: openebs
spec:
capacity: 10Gi
ownerNodeID: anapistula-delrosalae
shared: "yes"
thinProvision: "no"
vgPattern: ^openebs-hdd$
volGroup: openebs-hdd
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: authentik-postgresql-cluster-lvmhdd-1
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: hdd-lvmpv
volumeMode: Filesystem
csi:
driver: local.csi.openebs.io
fsType: btrfs
volumeHandle: authentik-postgresql-cluster-lvmhdd-1
---
# PVCs are dynamically created by the Postgres operator

@@ -1,61 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: authentik
namespace: authentik
spec:
interval: 24h
url: https://charts.goauthentik.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: authentik
namespace: authentik
spec:
interval: 30m
chart:
spec:
chart: authentik
version: 2026.2.1
sourceRef:
kind: HelmRepository
name: authentik
namespace: authentik
interval: 12h
values:
authentik:
postgresql:
host: authentik-postgresql-cluster-lvmhdd-rw
name: authentik
user: authentik
global:
env:
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: authentik-secret
key: secret_key
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: authentik-postgresql-cluster-lvmhdd-app
key: password
postgresql:
enabled: false
server:
ingress:
enabled: true
ingressClassName: nginx-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt
hosts:
- authentik.lumpiasty.xyz
tls:
- secretName: authentik-ingress
hosts:
- authentik.lumpiasty.xyz

@@ -1,38 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: authentik-secret
namespace: authentik
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: authentik
namespace: authentik
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: authentik
serviceAccount: authentik-secret
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: authentik-secret
namespace: authentik
spec:
type: kv-v2
mount: secret
path: authentik
destination:
create: true
name: authentik-secret
type: Opaque
transformation:
excludeRaw: true
vaultAuthRef: authentik

@@ -1,48 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: crawl4ai-proxy
namespace: crawl4ai
spec:
replicas: 1
selector:
matchLabels:
app: crawl4ai-proxy
template:
metadata:
labels:
app: crawl4ai-proxy
spec:
containers:
- name: crawl4ai-proxy
image: gitea.lumpiasty.xyz/lumpiasty/crawl4ai-proxy-fit:latest
imagePullPolicy: Always
env:
- name: LISTEN_PORT
value: "8000"
- name: CRAWL4AI_ENDPOINT
value: http://crawl4ai.crawl4ai.svc.cluster.local:11235/crawl
ports:
- name: http
containerPort: 8000
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 2
failureThreshold: 6
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 2
failureThreshold: 6
resources:
requests:
cpu: 25m
memory: 32Mi
limits:
cpu: 200m
memory: 128Mi

@@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: crawl4ai-proxy
namespace: crawl4ai
spec:
type: ClusterIP
selector:
app: crawl4ai-proxy
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP

@@ -1,62 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: crawl4ai
namespace: crawl4ai
spec:
replicas: 1
selector:
matchLabels:
app: crawl4ai
template:
metadata:
labels:
app: crawl4ai
spec:
containers:
- name: crawl4ai
image: unclecode/crawl4ai:latest
imagePullPolicy: IfNotPresent
env:
- name: CRAWL4AI_API_TOKEN
valueFrom:
secretKeyRef:
name: crawl4ai-secret
key: api_token
optional: false
- name: MAX_CONCURRENT_TASKS
value: "5"
ports:
- name: http
containerPort: 11235
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 6
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 3
failureThreshold: 6
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: "2"
memory: 4Gi
volumeMounts:
- name: dshm
mountPath: /dev/shm
volumes:
- name: dshm
emptyDir:
medium: Memory
sizeLimit: 1Gi

@@ -1,7 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- secret.yaml
- deployment.yaml
- service.yaml

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: crawl4ai

@@ -1,38 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: crawl4ai-secret
namespace: crawl4ai
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: crawl4ai
namespace: crawl4ai
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: crawl4ai
serviceAccount: crawl4ai-secret
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: crawl4ai-secret
namespace: crawl4ai
spec:
type: kv-v2
mount: secret
path: crawl4ai
destination:
create: true
name: crawl4ai-secret
type: Opaque
transformation:
excludeRaw: true
vaultAuthRef: crawl4ai

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: crawl4ai
namespace: crawl4ai
spec:
type: ClusterIP
selector:
app: crawl4ai
ports:
- name: http
port: 11235
targetPort: 11235
protocol: TCP

@@ -1,49 +0,0 @@
# garm
This app deploys `garm` with external `garm-provider-k8s`.
- API/UI ingress: `https://garm.lumpiasty.xyz`
- Internal service DNS: `http://garm.garm.svc.cluster.local:9997`
## Vault secret requirements
`VaultStaticSecret` reads `secret/data/garm` and expects at least:
- `jwt_auth_secret`
- `database_passphrase` (must be 32 characters)
## Connect garm to Gitea
After Flux reconciles this app, initialize garm and add Gitea endpoint/credentials.
```bash
# 1) Initialize garm (from your local devenv shell)
garm-cli init \
--name homelab \
--url https://garm.lumpiasty.xyz \
--username admin \
--email admin@lumpiasty.xyz \
--password '<STRONG_ADMIN_PASSWORD>' \
--metadata-url http://garm.garm.svc.cluster.local:9997/api/v1/metadata \
--callback-url http://garm.garm.svc.cluster.local:9997/api/v1/callbacks \
--webhook-url http://garm.garm.svc.cluster.local:9997/webhooks
# 2) Add Gitea endpoint
garm-cli gitea endpoint create \
--name local-gitea \
--description 'Cluster Gitea' \
--base-url http://gitea-http.gitea.svc.cluster.local:80 \
--api-base-url http://gitea-http.gitea.svc.cluster.local:80/api/v1
# 3) Add Gitea PAT credentials
garm-cli gitea credentials add \
--name gitea-pat \
--description 'PAT for garm' \
--endpoint local-gitea \
--auth-type pat \
--pat-oauth-token '<GITEA_PAT_WITH_write:repository,write:organization>'
```
Then add repositories/orgs and create pools against provider `kubernetes_external`.
If Gitea refuses webhook installation to cluster-local URLs, set `gitea.config.webhook.ALLOWED_HOST_LIST` in `apps/gitea/release.yaml`.

@@ -1,19 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: garm-provider-k8s-config
namespace: garm
data:
provider-config.yaml: |
kubeConfigPath: ""
runnerNamespace: "garm-runners"
podTemplate:
spec:
restartPolicy: Never
flavors:
default:
requests:
cpu: 100m
memory: 512Mi
limits:
memory: 2Gi

@@ -1,106 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: garm
namespace: garm
spec:
replicas: 1
selector:
matchLabels:
app: garm
template:
metadata:
labels:
app: garm
spec:
serviceAccountName: garm
initContainers:
- name: render-garm-config
image: alpine:3.23
env:
- name: JWT_AUTH_SECRET
valueFrom:
secretKeyRef:
name: garm-config
key: jwt_auth_secret
- name: DATABASE_PASSPHRASE
valueFrom:
secretKeyRef:
name: garm-config
key: database_passphrase
command:
- /bin/sh
- -ec
- |
cat <<EOF > /etc/garm/config.toml
[default]
enable_webhook_management = true
[logging]
enable_log_streamer = true
log_format = "text"
log_level = "info"
log_source = false
[metrics]
enable = true
disable_auth = false
[jwt_auth]
secret = "${JWT_AUTH_SECRET}"
time_to_live = "8760h"
[apiserver]
bind = "0.0.0.0"
port = 9997
use_tls = false
[apiserver.webui]
enable = true
[database]
backend = "sqlite3"
passphrase = "${DATABASE_PASSPHRASE}"
[database.sqlite3]
db_file = "/data/garm.db"
busy_timeout_seconds = 5
[[provider]]
name = "kubernetes_external"
description = "Kubernetes provider"
provider_type = "external"
[provider.external]
config_file = "/etc/garm/provider-config.yaml"
provider_executable = "/opt/garm/providers.d/garm-provider-k8s"
environment_variables = ["KUBERNETES_"]
EOF
volumeMounts:
- name: config-dir
mountPath: /etc/garm
containers:
- name: garm
image: gitea.lumpiasty.xyz/lumpiasty/garm-k8s:r1380
imagePullPolicy: IfNotPresent
command:
- /bin/garm
- --config
- /etc/garm/config.toml
ports:
- name: http
containerPort: 9997
volumeMounts:
- name: data
mountPath: /data
- name: config-dir
mountPath: /etc/garm
- name: provider-config
mountPath: /etc/garm/provider-config.yaml
subPath: provider-config.yaml
volumes:
- name: data
persistentVolumeClaim:
claimName: garm-lvmhdd
- name: config-dir
emptyDir: {}
- name: provider-config
configMap:
name: garm-provider-k8s-config

@@ -1,5 +0,0 @@
# renovate: datasource=github-refs depName=cloudbase/garm versioning=git
GARM_COMMIT=818a9dddccba5f2843f185e6a846770988f31fc5
GARM_COMMIT_NUMBER=1380
GARM_IMAGE_REPO=gitea.lumpiasty.xyz/lumpiasty/garm-k8s
GARM_IMAGE=gitea.lumpiasty.xyz/lumpiasty/garm-k8s:r1380

@@ -1,24 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: garm
name: garm
annotations:
cert-manager.io/cluster-issuer: letsencrypt
spec:
ingressClassName: nginx-ingress
rules:
- host: garm.lumpiasty.xyz
http:
paths:
- backend:
service:
name: garm
port:
number: 9997
path: /
pathType: Prefix
tls:
- hosts:
- garm.lumpiasty.xyz
secretName: garm-ingress

@@ -1,11 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- pvc.yaml
- configmap.yaml
- service.yaml
- ingress.yaml
- rbac.yaml
- secret.yaml
- deployment.yaml

@@ -1,9 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: garm
---
apiVersion: v1
kind: Namespace
metadata:
name: garm-runners

@@ -1,46 +0,0 @@
---
apiVersion: local.openebs.io/v1alpha1
kind: LVMVolume
metadata:
labels:
kubernetes.io/nodename: anapistula-delrosalae
name: garm-lvmhdd
namespace: openebs
spec:
capacity: 5Gi
ownerNodeID: anapistula-delrosalae
shared: "yes"
thinProvision: "no"
vgPattern: ^openebs-hdd$
volGroup: openebs-hdd
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: garm-lvmhdd
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: hdd-lvmpv
volumeMode: Filesystem
csi:
driver: local.csi.openebs.io
fsType: btrfs
volumeHandle: garm-lvmhdd
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: garm-lvmhdd
namespace: garm
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: hdd-lvmpv
volumeName: garm-lvmhdd

@@ -1,51 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: garm
namespace: garm
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: garm-provider-k8s
namespace: garm-runners
rules:
- apiGroups: [""]
resources: ["pods", "pods/log", "configmaps", "secrets", "events"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: garm-provider-k8s
namespace: garm-runners
subjects:
- kind: ServiceAccount
name: garm
namespace: garm
roleRef:
kind: Role
name: garm-provider-k8s
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: garm-namespace-manager
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: garm-namespace-manager
subjects:
- kind: ServiceAccount
name: garm
namespace: garm
roleRef:
kind: ClusterRole
name: garm-namespace-manager
apiGroup: rbac.authorization.k8s.io


@@ -1,32 +0,0 @@
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: garm
namespace: garm
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: garm
serviceAccount: garm
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: garm-config
namespace: garm
spec:
type: kv-v2
mount: secret
path: garm
destination:
create: true
name: garm-config
type: Opaque
transformation:
excludeRaw: true
vaultAuthRef: garm


@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: garm
namespace: garm
spec:
type: ClusterIP
selector:
app: garm
ports:
- name: http
port: 9997
targetPort: 9997
protocol: TCP


@@ -72,8 +72,6 @@ spec:
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
webhook:
ALLOWED_HOST_LIST: garm.garm.svc.cluster.local,woodpecker.lumpiasty.xyz
admin:
username: GiteaAdmin
email: gi@tea.com
@@ -90,11 +88,6 @@ spec:
# Requirement for sharing ip with other service
externalTrafficPolicy: Cluster
ipFamilyPolicy: RequireDualStack
http:
type: ClusterIP
# We need the service to be at port 80 specifically
# to work around bug of Actions Runner
port: 80
ingress:
enabled: true
@@ -102,7 +95,7 @@ spec:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
acme.cert-manager.io/http01-edit-in-place: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "1g"
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
hosts:
- host: gitea.lumpiasty.xyz
paths:


@@ -18,7 +18,7 @@ spec:
chart:
spec:
chart: immich
version: 1.2.2
version: 1.1.1
sourceRef:
kind: HelmRepository
name: secustor


@@ -1,9 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crawl4ai
- crawl4ai-proxy
- authentik
- gitea
- renovate
- librechat
@@ -14,5 +11,3 @@ resources:
- searxng
- ispeak3
- openwebui
- garm
- woodpecker


@@ -4,16 +4,12 @@ logToStdout: "both" # proxy and upstream
macros:
base_args: "--no-warmup --port ${PORT}"
common_args: "--fit-target 1536 --no-warmup --port ${PORT}"
gemma3_ctx_128k: "--ctx-size 131072"
qwen35_ctx_128k: "--ctx-size 131072"
qwen35_ctx_256k: "--ctx-size 262144"
common_args: "--fit-target 1536 --fit-ctx 65536 --no-warmup --port ${PORT}"
gemma_sampling: "--prio 2 --temp 1.0 --repeat-penalty 1.0 --min-p 0.00 --top-k 64 --top-p 0.95"
qwen35_sampling: "--temp 0.6 --top-p 0.95 --top-k 20 --min-p 0.00 -ctk q8_0 -ctv q8_0"
qwen35_35b_args: "--temp 1.0 --min-p 0.00 --top-p 0.95 --top-k 20 -ctk q8_0 -ctv q8_0"
qwen35_sampling: "--temp 0.6 --top-p 0.95 --top-k 20 --min-p 0.00 -ctk q4_0 -ctv q4_0"
qwen35_35b_args: "--temp 1.0 --min-p 0.00 --top-p 0.95 --top-k 20 -ctk q4_0 -ctv q4_0"
qwen35_35b_heretic_mmproj: "--mmproj-url https://huggingface.co/unsloth/Qwen3.5-35B-A3B-GGUF/resolve/main/mmproj-F16.gguf --mmproj /root/.cache/llama.cpp/unsloth_Qwen3.5-35B-A3B-GGUF_mmproj-F16.gguf"
qwen35_4b_heretic_mmproj: "--mmproj-url https://huggingface.co/unsloth/Qwen3.5-4B-GGUF/resolve/main/mmproj-F16.gguf --mmproj /root/.cache/llama.cpp/unsloth_Qwen3.5-4B-GGUF_mmproj-F16.gguf"
glm47_flash_args: "--temp 0.7 --top-p 1.0 --min-p 0.01 --repeat-penalty 1.0"
thinking_on: "--chat-template-kwargs '{\"enable_thinking\": true}'"
thinking_off: "--chat-template-kwargs '{\"enable_thinking\": false}'"
@@ -42,7 +38,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/gemma-3-12b-it-GGUF:Q4_K_M
${gemma3_ctx_128k}
${gemma_sampling}
${common_args}
@@ -50,7 +45,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/gemma-3-12b-it-GGUF:Q4_K_M
${gemma3_ctx_128k}
${gemma_sampling}
--no-mmproj
${common_args}
@@ -59,7 +53,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/gemma-3-4b-it-GGUF:Q4_K_M
${gemma3_ctx_128k}
${gemma_sampling}
${common_args}
@@ -67,7 +60,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/gemma-3-4b-it-GGUF:Q4_K_M
${gemma3_ctx_128k}
${gemma_sampling}
--no-mmproj
${common_args}
@@ -83,14 +75,13 @@ models:
--top-p 0.95
--top-k 40
--repeat-penalty 1.0
-ctk q8_0 -ctv q8_0
-ctk q4_0 -ctv q4_0
${common_args}
"Qwen3.5-35B-A3B-GGUF:Q4_K_M":
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-35B-A3B-GGUF:Q4_K_M
${qwen35_ctx_256k}
${qwen35_35b_args}
${common_args}
@@ -98,7 +89,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-35B-A3B-GGUF:Q4_K_M
${qwen35_ctx_256k}
${qwen35_35b_args}
${common_args}
${thinking_off}
@@ -110,7 +100,6 @@ models:
/app/llama-server
-hf mradermacher/Qwen3.5-35B-A3B-heretic-GGUF:Q4_K_M
${qwen35_35b_heretic_mmproj}
${qwen35_ctx_256k}
${qwen35_35b_args}
${common_args}
@@ -119,7 +108,6 @@ models:
/app/llama-server
-hf mradermacher/Qwen3.5-35B-A3B-heretic-GGUF:Q4_K_M
${qwen35_35b_heretic_mmproj}
${qwen35_ctx_256k}
${qwen35_35b_args}
${common_args}
${thinking_off}
@@ -128,7 +116,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-0.8B-GGUF:Q4_K_XL
${qwen35_ctx_256k}
${qwen35_sampling}
${base_args}
${thinking_on}
@@ -146,7 +133,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-2B-GGUF:Q4_K_M
${qwen35_ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -155,7 +141,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-2B-GGUF:Q4_K_M
${qwen35_ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -164,7 +149,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-4B-GGUF:Q4_K_M
${qwen35_ctx_128k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -173,7 +157,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-4B-GGUF:Q4_K_M
${qwen35_ctx_128k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -183,7 +166,6 @@ models:
/app/llama-server
-hf mradermacher/Qwen3.5-4B-heretic-GGUF:Q4_K_M
${qwen35_4b_heretic_mmproj}
${qwen35_ctx_128k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -193,7 +175,6 @@ models:
/app/llama-server
-hf mradermacher/Qwen3.5-4B-heretic-GGUF:Q4_K_M
${qwen35_4b_heretic_mmproj}
${qwen35_ctx_128k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -202,7 +183,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-9B-GGUF:Q4_K_M
${qwen35_ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -211,7 +191,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-9B-GGUF:Q4_K_M
${qwen35_ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -220,7 +199,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-9B-GGUF:Q3_K_M
${qwen35_ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -229,7 +207,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-9B-GGUF:Q3_K_M
${qwen35_ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -238,7 +215,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-27B-GGUF:Q3_K_M
${qwen35_ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -247,14 +223,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-27B-GGUF:Q3_K_M
${qwen35_ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_off}
"GLM-4.7-Flash-GGUF:Q4_K_M":
cmd: |
/app/llama-server
-hf unsloth/GLM-4.7-Flash-GGUF:Q4_K_M
${glm47_flash_args}
${common_args}
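Review bot: The `qwen35_35b_heretic_mmproj` and `qwen35_4b_heretic_mmproj` macros kept in the first hunk fetch the projector from `.../resolve/main/mmproj-F16.gguf`, a mutable branch reference, and the `-hf` model references in the later hunks carry only a quantization tag, so the artifacts the pod loads can change upstream without any change in this repository. Pinning the download to a fixed revision, e.g. `https://huggingface.co/unsloth/Qwen3.5-35B-A3B-GGUF/resolve/<commit-sha>/mmproj-F16.gguf`, and recording the expected checksum in a comment beside the macro would make the deployed model set reproducible and auditable. Whether the cached files are verified against anything at load time is not visible from this file. The `models:` map starts and ends outside the hunks shown.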


@@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: llama-swap
image: ghcr.io/mostlygeek/llama-swap:v199-vulkan-b8589
image: ghcr.io/mostlygeek/llama-swap:v197-vulkan-b8248
imagePullPolicy: IfNotPresent
command:
- /app/llama-swap


@@ -4,6 +4,5 @@ resources:
- namespace.yaml
- pvc.yaml
- pvc-pipelines.yaml
- secret.yaml
- release.yaml
- ingress.yaml


@@ -18,7 +18,7 @@ spec:
chart:
spec:
chart: open-webui
version: 13.0.1
version: 12.10.0
sourceRef:
kind: HelmRepository
name: open-webui
@@ -44,30 +44,3 @@ spec:
persistence:
enabled: true
existingClaim: openwebui-pipelines-lvmhdd
# SSO with Authentik
extraEnvVars:
- name: WEBUI_URL
value: "https://openwebui.lumpiasty.xyz"
- name: OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: openwebui-authentik
key: client_id
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: openwebui-authentik
key: client_secret
- name: OAUTH_PROVIDER_NAME
value: "authentik"
- name: OPENID_PROVIDER_URL
value: "https://authentik.lumpiasty.xyz/application/o/open-web-ui/.well-known/openid-configuration"
- name: OPENID_REDIRECT_URI
value: "https://openwebui.lumpiasty.xyz/oauth/oidc/callback"
- name: ENABLE_OAUTH_SIGNUP
value: "true"
- name: ENABLE_LOGIN_FORM
value: "false"
- name: OAUTH_MERGE_ACCOUNTS_BY_EMAIL
value: "true"


@@ -1,43 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: openwebui-secret
namespace: openwebui
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: openwebui
namespace: openwebui
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: openwebui
serviceAccount: openwebui-secret
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: openwebui-authentik
namespace: openwebui
spec:
type: kv-v2
mount: secret
path: authentik/openwebui
destination:
create: true
name: openwebui-authentik
type: Opaque
transformation:
excludeRaw: true
templates:
client_id:
text: '{{ get .Secrets "client_id" }}'
client_secret:
text: '{{ get .Secrets "client_secret" }}'
vaultAuthRef: openwebui


@@ -9,4 +9,3 @@ data:
RENOVATE_ENDPOINT: https://gitea.lumpiasty.xyz/api/v1
RENOVATE_PLATFORM: gitea
RENOVATE_GIT_AUTHOR: Renovate Bot <renovate@lumpiasty.xyz>
RENOVATE_ALLOWED_COMMANDS: '["^node utils/update-garm-cli-hash\\.mjs$", "^node utils/update-garm-image-pin\\.mjs$"]'


@@ -15,7 +15,7 @@ spec:
- name: renovate
# Update this to the latest available and then enable Renovate on
# the manifest
image: renovate/renovate:43.95.0-full
image: renovate/renovate:43.64.6-full
envFrom:
- secretRef:
name: renovate-gitea-token


@@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- postgres-volume.yaml
- postgres-cluster.yaml
- release.yaml
- secret.yaml


@@ -1,5 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: woodpecker


@@ -1,23 +0,0 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: woodpecker-postgresql-cluster
namespace: woodpecker
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
bootstrap:
initdb:
database: woodpecker
owner: woodpecker
storage:
pvcTemplate:
storageClassName: ssd-lvmpv
resources:
requests:
storage: 10Gi
volumeName: woodpecker-postgresql-cluster-lvmssd


@@ -1,33 +0,0 @@
apiVersion: local.openebs.io/v1alpha1
kind: LVMVolume
metadata:
labels:
kubernetes.io/nodename: anapistula-delrosalae
name: woodpecker-postgresql-cluster-lvmssd
namespace: openebs
spec:
capacity: 10Gi
ownerNodeID: anapistula-delrosalae
shared: "yes"
thinProvision: "no"
vgPattern: ^openebs-ssd$
volGroup: openebs-ssd
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: woodpecker-postgresql-cluster-lvmssd
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: ssd-lvmpv
volumeMode: Filesystem
csi:
driver: local.csi.openebs.io
fsType: btrfs
volumeHandle: woodpecker-postgresql-cluster-lvmssd
---
# PVC is dynamically created by the Postgres operator


@@ -1,115 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: woodpecker
namespace: woodpecker
spec:
interval: 24h
url: https://woodpecker-ci.org/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: woodpecker
namespace: woodpecker
spec:
interval: 30m
chart:
spec:
chart: woodpecker
version: 3.5.1
sourceRef:
kind: HelmRepository
name: woodpecker
namespace: woodpecker
interval: 12h
values:
server:
enabled: true
statefulSet:
replicaCount: 1
persistentVolume:
enabled: false # Using Postgresql database
env:
WOODPECKER_HOST: "https://woodpecker.lumpiasty.xyz"
# Gitea integration
WOODPECKER_GITEA: "true"
WOODPECKER_GITEA_URL: "https://gitea.lumpiasty.xyz"
# PostgreSQL database configuration
WOODPECKER_DATABASE_DRIVER: postgres
# Password is loaded from woodpecker-postgresql-cluster-app secret (created by CNPG)
WOODPECKER_DATABASE_DATASOURCE:
valueFrom:
secretKeyRef:
name: woodpecker-postgresql-cluster-app
key: fqdn-uri
# Allow logging in from all accounts on Gitea
WOODPECKER_OPEN: "true"
# Make lumpiasty admin
WOODPECKER_ADMIN: GiteaAdmin
createAgentSecret: true
extraSecretNamesForEnvFrom:
- woodpecker-secrets
ingress:
enabled: true
ingressClassName: nginx-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt
acme.cert-manager.io/http01-edit-in-place: "true"
hosts:
- host: woodpecker.lumpiasty.xyz
paths:
- path: /
backend:
serviceName: woodpecker-server
servicePort: 80
tls:
- hosts:
- woodpecker.lumpiasty.xyz
secretName: woodpecker-ingress
resources:
requests:
cpu: 100m
memory: 256Mi
service:
type: ClusterIP
port: 80
agent:
enabled: true
replicaCount: 2
env:
WOODPECKER_SERVER: "woodpecker-server:9000"
WOODPECKER_BACKEND: kubernetes
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: ssd-lvmpv
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
WOODPECKER_CONNECT_RETRY_COUNT: "5"
mapAgentSecret: true
extraSecretNamesForEnvFrom:
- woodpecker-secrets
persistence:
enabled: false
serviceAccount:
create: true
rbac:
create: true
resources:
requests:
cpu: 100m
memory: 128Mi


@@ -1,62 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: woodpecker-secret
namespace: woodpecker
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: woodpecker
namespace: woodpecker
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: woodpecker
serviceAccount: woodpecker-secret
---
# Main woodpecker secrets from Vault
# Requires vault kv put secret/woodpecker \
# WOODPECKER_AGENT_SECRET="$(openssl rand -hex 32)" \
# WOODPECKER_GITEA_CLIENT="<gitea-oauth-client>" \
# WOODPECKER_GITEA_SECRET="<gitea-oauth-secret>"
# Note: Database password comes from CNPG secret (woodpecker-postgresql-cluster-app)
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: woodpecker-secrets
namespace: woodpecker
spec:
type: kv-v2
mount: secret
path: woodpecker
destination:
create: true
name: woodpecker-secrets
type: Opaque
transformation:
excludeRaw: true
vaultAuthRef: woodpecker
---
# Container registry credentials for Kaniko
# Requires vault kv put secret/container-registry \
# REGISTRY_USERNAME="<username>" \
# REGISTRY_PASSWORD="<token>"
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: container-registry
namespace: woodpecker
spec:
type: kv-v2
mount: secret
path: container-registry
destination:
create: true
name: container-registry
type: Opaque
transformation:
excludeRaw: true
vaultAuthRef: woodpecker


@@ -3,11 +3,10 @@
"devenv": {
"locked": {
"dir": "src/modules",
"lastModified": 1773504385,
"narHash": "sha256-ANaeR+xVHxjGz36VI4qlZUbdhrlSE0xU7O7AUJKw3zU=",
"lastModified": 1769881431,
"owner": "cachix",
"repo": "devenv",
"rev": "4bce49e6f60c69e99eeb643efbbf74125cefd329",
"rev": "72d5e66e2dd5112766ef4c9565872b51094b542d",
"type": "github"
},
"original": {
@@ -17,13 +16,27 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
@@ -35,6 +48,47 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769069492,
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1762808025,
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "cb5e3fdca1de58ccbc3ef53de65bd372b48f567c",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"krew2nix": {
"inputs": {
"flake-utils": "flake-utils",
@@ -45,11 +99,10 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1773451905,
"narHash": "sha256-S/bukFEwbOYQbnR5UpciwYA42aEt1w5LK73GwARhsaA=",
"lastModified": 1769904483,
"owner": "a1994sc",
"repo": "krew2nix",
"rev": "bc779a8cf59ebf76ae60556bfe2d781a0a4cdbd9",
"rev": "17d6ad3375899bd3f7d4d298481536155f3ec13c",
"type": "github"
},
"original": {
@@ -60,11 +113,10 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1773389992,
"narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=",
"lastModified": 1769461804,
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c06b4ae3d6599a672a6210b7021d699c351eebda",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
@@ -77,14 +129,17 @@
"root": {
"inputs": {
"devenv": "devenv",
"git-hooks": "git-hooks",
"krew2nix": "krew2nix",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"pre-commit-hooks": [
"git-hooks"
]
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
@@ -99,7 +154,6 @@
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
@@ -119,11 +173,10 @@
]
},
"locked": {
"lastModified": 1773297127,
"narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=",
"lastModified": 1769691507,
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "71b125cd05fbfd78cab3e070b73544abe24c5016",
"rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b",
"type": "github"
},
"original": {
@@ -135,4 +188,4 @@
},
"root": "root",
"version": 7
}
}


@@ -6,8 +6,6 @@ let
hvac
librouteros
]);
garm-cli = pkgs.callPackage ./nix/garm-cli.nix { };
in
{
# Overlays - apply krew2nix to get kubectl with krew support
@@ -43,9 +41,6 @@ in
openbao
pv-migrate
mermaid-cli
opencode
garm-cli
tea
];
# Scripts


@@ -1,28 +0,0 @@
FROM golang:1.26-alpine AS build
ARG GARM_COMMIT
ARG GARM_PROVIDER_K8S_VERSION=0.3.2
RUN apk add --no-cache ca-certificates git wget tar build-base util-linux-dev linux-headers
WORKDIR /src
RUN git clone https://github.com/cloudbase/garm.git . && git checkout "${GARM_COMMIT}"
RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \
go build -trimpath \
-tags osusergo,netgo,sqlite_omit_load_extension \
-ldflags="-linkmode external -extldflags '-static' -s -w" \
-o /out/garm ./cmd/garm
RUN mkdir -p /out/providers.d \
&& wget -qO /tmp/garm-provider-k8s.tar.gz "https://github.com/mercedes-benz/garm-provider-k8s/releases/download/v${GARM_PROVIDER_K8S_VERSION}/garm-provider-k8s_Linux_x86_64.tar.gz" \
&& tar -xzf /tmp/garm-provider-k8s.tar.gz -C /out/providers.d \
&& chmod 0755 /out/providers.d/garm-provider-k8s
FROM busybox
COPY --from=build /out/garm /bin/garm
COPY --from=build /out/providers.d/garm-provider-k8s /opt/garm/providers.d/garm-provider-k8s
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
ENTRYPOINT ["/bin/garm"]


@@ -18,7 +18,7 @@ spec:
chart:
spec:
chart: cert-manager-webhook-ovh
version: 0.9.5
version: 0.9.4
sourceRef:
kind: HelmRepository
name: cert-manager-webhook-ovh


@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: cert-manager
version: v1.20.1
version: v1.20.0
sourceRef:
kind: HelmRepository
name: cert-manager


@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: cilium
version: 1.19.2
version: 1.19.1
sourceRef:
kind: HelmRepository
name: cilium


@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: k8up
version: 4.9.0
version: 4.8.6
sourceRef:
kind: HelmRepository
name: k8up-io


@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: ingress-nginx
version: 4.15.1
version: 4.15.0
sourceRef:
kind: HelmRepository
name: ingress-nginx


@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: openbao
version: 0.26.2
version: 0.25.7
sourceRef:
kind: HelmRepository
name: openbao

16
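--- a/monke/gpt-researcher.yaml
+++ b/monke/gpt-researcher.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: tavily
+namespace: gpt-researcher
+stringData:
+TAVILY_API_KEY: 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
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: openrouter
+namespace: gpt-researcher
+stringData:
+OPENROUTER_API_KEY: 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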
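Review bot: Both `Secret` manifests in this new file put what look like real API keys in plaintext under `stringData`, so the `TAVILY_API_KEY` and `OPENROUTER_API_KEY` values are now in git history and readable by anyone who can read the repository or a clone of it. Both keys should be treated as exposed and rotated at the provider; deleting the file in a later commit does not remove them from history. The repository already has a pattern for this, visible in the removed garm, openwebui and woodpecker manifests on this page: a `VaultAuth` plus a `VaultStaticSecret` with `destination.create: true`, which lets the operator create `tavily` and `openrouter` in the `gpt-researcher` namespace from the KV mount with no secret value in git. A secret-scanning pre-commit or CI check would catch this class of mistake before it is pushed.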


@@ -1,45 +0,0 @@
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
buildGoModule rec {
pname = "garm-cli";
version = "r1380";
garmCommit = "818a9dddccba5f2843f185e6a846770988f31fc5";
src = fetchFromGitHub {
owner = "cloudbase";
repo = "garm";
rev = garmCommit;
hash = "sha256-CTqqabNYUMSrmnQVCWml1/vkDw+OP1uJo1KFhBSZpYY=";
};
subPackages = [ "cmd/garm-cli" ];
nativeBuildInputs = [ installShellFiles ];
vendorHash = null;
ldflags = [
"-s"
"-w"
"-X main.version=${version}"
];
postInstall = ''
# We need to set a temporary HOME for the completion scripts as workaround
# because garm-cli tries to write config to the home directory
# when generating the completion scripts
export HOME="$(mktemp -d)"
installShellCompletion --cmd garm-cli \
--bash <($out/bin/garm-cli completion bash) \
--fish <($out/bin/garm-cli completion fish) \
--zsh <($out/bin/garm-cli completion zsh)
'';
meta = {
description = "CLI for GitHub Actions Runner Manager";
homepage = "https://github.com/cloudbase/garm";
license = lib.licenses.asl20;
mainProgram = "garm-cli";
};
}


@@ -10,57 +10,8 @@
"gotk-components\\.ya?ml$"
]
},
"customManagers": [
{
"customType": "regex",
"description": "Track garm-cli pinned main commit",
"managerFilePatterns": ["^nix/garm-cli\\.nix$"],
"matchStrings": ["garmCommit = \\\"(?<currentValue>[a-f0-9]{40})\\\";"],
"depNameTemplate": "cloudbase/garm",
"datasourceTemplate": "github-refs",
"versioningTemplate": "git"
},
{
"customType": "regex",
"description": "Track garm-provider-k8s release in garm image Dockerfile",
"managerFilePatterns": ["^docker/garm/Dockerfile$"],
"matchStrings": ["ARG GARM_PROVIDER_K8S_VERSION=(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)"],
"depNameTemplate": "mercedes-benz/garm-provider-k8s",
"datasourceTemplate": "github-releases",
"versioningTemplate": "semver"
},
{
"customType": "regex",
"description": "Track pinned garm main commit",
"managerFilePatterns": ["^apps/garm/image-source\\.env$"],
"matchStrings": ["GARM_COMMIT=(?<currentValue>[a-f0-9]{40})"],
"depNameTemplate": "cloudbase/garm",
"datasourceTemplate": "github-refs",
"versioningTemplate": "git"
}
],
"prHourlyLimit": 9,
"packageRules": [
{
"matchManagers": ["custom.regex"],
"matchDepNames": ["cloudbase/garm"],
"matchFileNames": ["nix/garm-cli.nix"],
"postUpgradeTasks": {
"commands": ["node utils/update-garm-cli-hash.mjs"],
"fileFilters": ["nix/garm-cli.nix"],
"executionMode": "update"
}
},
{
"matchManagers": ["custom.regex"],
"matchDepNames": ["cloudbase/garm"],
"matchFileNames": ["apps/garm/image-source.env"],
"postUpgradeTasks": {
"commands": ["node utils/update-garm-image-pin.mjs"],
"fileFilters": ["apps/garm/image-source.env", "apps/garm/deployment.yaml"],
"executionMode": "update"
}
},
{
"matchDatasources": ["docker"],
"matchPackageNames": ["ghcr.io/mostlygeek/llama-swap"],


@@ -1,320 +0,0 @@
import { createHash } from "node:crypto";
import { Buffer } from "node:buffer";
import fs from "node:fs";
import https from "node:https";
import zlib from "node:zlib";
const nixFile = "nix/garm-cli.nix";
function die(message) {
console.error(message);
process.exit(1);
}
function readText(filePath) {
try {
return fs.readFileSync(filePath, "utf8");
} catch {
die(`Missing ${filePath}`);
}
}
function extractVersion(text) {
const match = text.match(/^\s*version\s*=\s*"([^"]+)";/m);
if (!match) {
die(`Unable to extract version from ${nixFile}`);
}
return match[1];
}
function extractCommit(text) {
const match = text.match(/^\s*garmCommit\s*=\s*"([a-f0-9]{40})";/m);
return match ? match[1] : null;
}
function writeU64LE(hash, value) {
const buf = Buffer.alloc(8);
buf.writeBigUInt64LE(BigInt(value), 0);
hash.update(buf);
}
function writeNarString(hash, data) {
writeU64LE(hash, data.length);
hash.update(data);
const pad = (8 - (data.length % 8)) % 8;
if (pad) {
hash.update(Buffer.alloc(pad));
}
}
function writeNarText(hash, text) {
writeNarString(hash, Buffer.from(text, "utf8"));
}
function parseOctal(field) {
const clean = field.toString("ascii").replace(/\0.*$/, "").trim();
if (!clean) {
return 0;
}
return Number.parseInt(clean, 8);
}
function parseTarHeader(block) {
const name = block.subarray(0, 100).toString("utf8").replace(/\0.*$/, "");
const mode = parseOctal(block.subarray(100, 108));
const size = parseOctal(block.subarray(124, 136));
const typeflagRaw = block[156];
const typeflag = typeflagRaw === 0 ? "0" : String.fromCharCode(typeflagRaw);
const linkname = block.subarray(157, 257).toString("utf8").replace(/\0.*$/, "");
const prefix = block.subarray(345, 500).toString("utf8").replace(/\0.*$/, "");
return {
name: prefix ? `${prefix}/${name}` : name,
mode,
size,
typeflag,
linkname,
};
}
function parsePax(data) {
const out = {};
let i = 0;
while (i < data.length) {
let sp = i;
while (sp < data.length && data[sp] !== 0x20) sp += 1;
if (sp >= data.length) break;
const len = Number.parseInt(data.subarray(i, sp).toString("utf8"), 10);
if (!Number.isFinite(len) || len <= 0) break;
const record = data.subarray(sp + 1, i + len).toString("utf8");
const eq = record.indexOf("=");
if (eq > 0) {
const key = record.slice(0, eq);
const value = record.slice(eq + 1).replace(/\n$/, "");
out[key] = value;
}
i += len;
}
return out;
}
function parseTarEntries(archiveBuffer) {
const gz = zlib.gunzipSync(archiveBuffer);
const entries = [];
let i = 0;
let pendingPax = null;
let longName = null;
let longLink = null;
while (i + 512 <= gz.length) {
const header = gz.subarray(i, i + 512);
i += 512;
if (header.every((b) => b === 0)) {
break;
}
const h = parseTarHeader(header);
const data = gz.subarray(i, i + h.size);
const dataPad = (512 - (h.size % 512)) % 512;
i += h.size + dataPad;
if (h.typeflag === "x") {
pendingPax = parsePax(data);
continue;
}
if (h.typeflag === "g") {
continue;
}
if (h.typeflag === "L") {
longName = data.toString("utf8").replace(/\0.*$/, "");
continue;
}
if (h.typeflag === "K") {
longLink = data.toString("utf8").replace(/\0.*$/, "");
continue;
}
const path = pendingPax?.path ?? longName ?? h.name;
const linkpath = pendingPax?.linkpath ?? longLink ?? h.linkname;
entries.push({
path,
typeflag: h.typeflag,
mode: h.mode,
linkname: linkpath,
data,
});
pendingPax = null;
longName = null;
longLink = null;
}
return entries;
}
function stripTopDir(path) {
const cleaned = path.replace(/^\.?\//, "").replace(/\/$/, "");
const idx = cleaned.indexOf("/");
if (idx === -1) return "";
return cleaned.slice(idx + 1);
}
function ensureDir(root, relPath) {
if (!relPath) return root;
const parts = relPath.split("/").filter(Boolean);
let cur = root;
for (const part of parts) {
let child = cur.children.get(part);
if (!child) {
child = { kind: "directory", children: new Map() };
cur.children.set(part, child);
}
if (child.kind !== "directory") {
die(`Path conflict while building tree at ${relPath}`);
}
cur = child;
}
return cur;
}
function buildTree(entries) {
const root = { kind: "directory", children: new Map() };
for (const entry of entries) {
const rel = stripTopDir(entry.path);
if (!rel) {
continue;
}
const parts = rel.split("/").filter(Boolean);
const name = parts.pop();
const parent = ensureDir(root, parts.join("/"));
if (entry.typeflag === "5") {
const existing = parent.children.get(name);
if (!existing) {
parent.children.set(name, { kind: "directory", children: new Map() });
} else if (existing.kind !== "directory") {
die(`Path conflict at ${rel}`);
}
continue;
}
if (entry.typeflag === "2") {
parent.children.set(name, { kind: "symlink", target: entry.linkname });
continue;
}
if (entry.typeflag === "0") {
parent.children.set(name, {
kind: "regular",
executable: (entry.mode & 0o111) !== 0,
contents: Buffer.from(entry.data),
});
continue;
}
}
return root;
}
function compareUtf8(a, b) {
return Buffer.from(a, "utf8").compare(Buffer.from(b, "utf8"));
}
function narDump(hash, node) {
if (node.kind === "directory") {
writeNarText(hash, "(");
writeNarText(hash, "type");
writeNarText(hash, "directory");
const names = [...node.children.keys()].sort(compareUtf8);
for (const name of names) {
writeNarText(hash, "entry");
writeNarText(hash, "(");
writeNarText(hash, "name");
writeNarString(hash, Buffer.from(name, "utf8"));
writeNarText(hash, "node");
narDump(hash, node.children.get(name));
writeNarText(hash, ")");
}
writeNarText(hash, ")");
return;
}
if (node.kind === "symlink") {
writeNarText(hash, "(");
writeNarText(hash, "type");
writeNarText(hash, "symlink");
writeNarText(hash, "target");
writeNarString(hash, Buffer.from(node.target, "utf8"));
writeNarText(hash, ")");
return;
}
writeNarText(hash, "(");
writeNarText(hash, "type");
writeNarText(hash, "regular");
if (node.executable) {
writeNarText(hash, "executable");
writeNarText(hash, "");
}
writeNarText(hash, "contents");
writeNarString(hash, node.contents);
writeNarText(hash, ")");
}
function fetchBuffer(url) {
return new Promise((resolve, reject) => {
https
.get(url, (res) => {
if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
const redirectUrl = new URL(res.headers.location, url).toString();
res.resume();
fetchBuffer(redirectUrl).then(resolve, reject);
return;
}
if (!res.statusCode || res.statusCode < 200 || res.statusCode >= 300) {
reject(new Error(`Failed to fetch ${url}: ${res.statusCode ?? "unknown"}`));
res.resume();
return;
}
const chunks = [];
res.on("data", (chunk) => chunks.push(chunk));
res.on("end", () => resolve(Buffer.concat(chunks)));
})
.on("error", reject);
});
}
function computeSRIFromGitHubTar(ref) {
const url = `https://github.com/cloudbase/garm/archive/${ref}.tar.gz`;
return fetchBuffer(url).then((archive) => {
const entries = parseTarEntries(archive);
const root = buildTree(entries);
const hash = createHash("sha256");
writeNarText(hash, "nix-archive-1");
narDump(hash, root);
return `sha256-${hash.digest("base64")}`;
});
}
function updateHash(text, sri) {
const pattern = /(^\s*hash\s*=\s*")sha256-[^"]+(";)/m;
if (!pattern.test(text)) {
die(`Unable to update hash in ${nixFile}`);
}
const next = text.replace(pattern, `$1${sri}$2`);
return next;
}
async function main() {
const text = readText(nixFile);
const version = extractVersion(text);
const commit = extractCommit(text);
const ref = commit ?? `v${version}`;
const sri = await computeSRIFromGitHubTar(ref);
const updated = updateHash(text, sri);
fs.writeFileSync(nixFile, updated, "utf8");
console.log(`Updated ${nixFile} hash to ${sri}`);
}
main().catch((err) => die(err.message));


@@ -1,91 +0,0 @@
import fs from "node:fs";
import os from "node:os";
import path from "node:path";
import { execFileSync } from "node:child_process";
const pinFile = "apps/garm/image-source.env";
const deploymentFile = "apps/garm/deployment.yaml";
function fail(message) {
console.error(message);
process.exit(1);
}
function parseEnvFile(content) {
const vars = {};
for (const line of content.split(/\r?\n/)) {
if (!line || line.startsWith("#")) {
continue;
}
const idx = line.indexOf("=");
if (idx === -1) {
continue;
}
const key = line.slice(0, idx).trim();
const value = line.slice(idx + 1).trim();
vars[key] = value;
}
return vars;
}
function updateOrAdd(content, key, value) {
const pattern = new RegExp(`^${key}=.*$`, "m");
if (pattern.test(content)) {
return content.replace(pattern, `${key}=${value}`);
}
return `${content.trimEnd()}\n${key}=${value}\n`;
}
function gitOut(args, options = {}) {
return execFileSync("git", args, {
encoding: "utf8",
...options,
}).trim();
}
function gitRun(args, options = {}) {
execFileSync("git", args, options);
}
const pinContent = fs.readFileSync(pinFile, "utf8");
const vars = parseEnvFile(pinContent);
const commit = vars.GARM_COMMIT;
const imageRepo = vars.GARM_IMAGE_REPO || "gitea.lumpiasty.xyz/lumpiasty/garm-k8s";
if (!commit || !/^[0-9a-f]{40}$/.test(commit)) {
fail(`Invalid or missing GARM_COMMIT in ${pinFile}`);
}
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "garm-main-"));
let commitNumber;
try {
gitRun(["clone", "--filter=blob:none", "https://github.com/cloudbase/garm.git", tmpDir], {
stdio: "ignore",
});
commitNumber = gitOut(["-C", tmpDir, "rev-list", "--count", commit]);
} finally {
fs.rmSync(tmpDir, { recursive: true, force: true });
}
if (!/^\d+$/.test(commitNumber)) {
fail(`Unable to resolve commit number for ${commit}`);
}
const image = `${imageRepo}:r${commitNumber}`;
let nextPin = pinContent;
nextPin = updateOrAdd(nextPin, "GARM_COMMIT_NUMBER", commitNumber);
nextPin = updateOrAdd(nextPin, "GARM_IMAGE_REPO", imageRepo);
nextPin = updateOrAdd(nextPin, "GARM_IMAGE", image);
fs.writeFileSync(pinFile, nextPin, "utf8");
const deployment = fs.readFileSync(deploymentFile, "utf8");
const imagePattern = /image:\s*(?:ghcr\.io\/cloudbase\/garm:[^\s]+|gitea\.lumpiasty\.xyz\/(?:Lumpiasty|lumpiasty)\/garm(?:-k8s)?:[^\s]+)/;
if (!imagePattern.test(deployment)) {
fail(`Unable to update garm image in ${deploymentFile}`);
}
const updatedDeployment = deployment.replace(imagePattern, `image: ${image}`);
fs.writeFileSync(deploymentFile, updatedDeployment, "utf8");
console.log(`Pinned garm image to ${image}`);


@@ -1,6 +0,0 @@
bound_service_account_names:
- authentik-secret
bound_service_account_namespaces:
- authentik
token_policies:
- authentik


@@ -1,6 +0,0 @@
bound_service_account_names:
- crawl4ai-secret
bound_service_account_namespaces:
- crawl4ai
token_policies:
- crawl4ai


@@ -1,6 +0,0 @@
bound_service_account_names:
- garm
bound_service_account_namespaces:
- garm
token_policies:
- garm


@@ -1,6 +0,0 @@
bound_service_account_names:
- openwebui-secret
bound_service_account_namespaces:
- openwebui
token_policies:
- openwebui


@@ -1,6 +0,0 @@
bound_service_account_names:
- woodpecker-secret
bound_service_account_namespaces:
- woodpecker
token_policies:
- woodpecker


@@ -1,3 +0,0 @@
path "secret/data/authentik" {
capabilities = ["read"]
}


@@ -1,3 +0,0 @@
path "secret/data/crawl4ai" {
capabilities = ["read"]
}


@@ -1,7 +0,0 @@
path "secret/data/garm" {
capabilities = ["read"]
}
path "secret/data/backblaze" {
capabilities = ["read"]
}


@@ -1,3 +0,0 @@
path "secret/data/authentik/openwebui" {
capabilities = ["read"]
}


@@ -1,7 +0,0 @@
path "secret/data/woodpecker" {
capabilities = ["read"]
}
path "secret/data/container-registry" {
capabilities = ["read"]
}